Security Audit

From prototype to production, BCFG works closely with projects through the complete development cycle to identify security issues and recommend best practices. With recurring exploitations, rugpulls and hacks infiltrating the Decentralised Finance sector, our mission is to mitigate and pinpoint all possible security risks and flaws within each line of code. All audit reports will be tailored to different clients, unlike some audit firms that provide identical reports to different projects.

Other than establishing a secure platform for our clients, we strive to promote a secured and safe environment for the DeFi community as well.

Audit Process

1. Exploration

Our team of specialists will engage with clients to find out more about security needs and the smart contracts required for audit. We will research the project’s concept and logic flow during this stage.

2. Quotation

After researching and understanding our client’s needs, we will prepare a project proposal, including a timeline and budget.

3. Audit

Our team of auditors will work with you to improve the security of your product contracts while generating our audit report.
Some of the important steps for audit includes:

  • Conduct Attack Vulnerability Tests: Analyze whether any of the relevant attacks documented above could be successfully launched against the contract.
  • Detail Vulnerabilities Found and Concerns: discuss critical medium, and low severity vulnerabilities, along with suggestions for fixes
  • Analyze Contract Complexity
  • Analyze Failure Preparation
  • Analyze Code Currency: Are all libraries and tools updated to their latest versions? Latest tool versions could come with vulnerability patches, so using older versions is an unnecessary and easily preventable risk.
  • Analysis of Re-used Versus Duplicated Code
  • Analyze External Calls:
    • Are State Changes After External Calls Avoided?
    • Are Untrusted Contracts Marked?
    • Are errors in external calls handled correctly?
    • Do external calls favor push over pull?
    • Analyze security of on-chain data
    • Timestamp dependence

4. Review and Resolve

Based on our audit findings and recommendations, we support your team to address the issues identified and resolve with recommendations.

5. Publish Final Audit Report

After verifying all of the security issues that have been addressed, our team will deliver and publish a final audit report for the contracts reviewed.
*To avoid conflict of interest, we will not provide audit services to projects/clients who have engaged BCFG services that fall under “Blockchain Development”.

Chrome

Get in touch


We'll do our best to get back to you within 6-8 working hours.