The following information is always in draft status and should be used as a guide. If you are a security professional, please join our research and contribute to our ongoing effort!
Risk-Associated Questions to Consider
The associated risk (potential threat level) of a smart contract dictates the level of auditing it needs to go through. Here are a few questions you can ask yourself to ascertain that risk level:
Does it control funds?
Are official decisions derived from it?
What impact could it have on the wider network, for example through its network effects?
What does it cost to use, and how does that cost change under current network congestion?
Are there examples in the wild to learn from?
Levels of Auditing
Once you have determined the risk of a given smart contract, you can decide what type of auditing it should go through before deployment.
Internal Review - within working group
Internal Review - including internal auditor outside working group
One round of external third-party auditing
$n$ rounds of external third-party auditing
Topics to be Audited
Here is a list of topics to be aware of when performing audits: