2019 is expected to be a year of STOs (Security Token
Offerings). According to regulators, an external technical
audit of an STO, covering both its smart contracts and its
infrastructure, is mandatory.

The presentation contains a full, detailed methodology for
smart contract audits.

The first part covers the smart contract testing process: the
steps for setting up a testing environment, the ways in which
writing tests for smart contracts differs from testing other
kinds of applications, and tips for using the solidity-coverage
tool.

The second part describes which security tools are appropriate
for different audit cases and shows best practices for using
them. The reviewed tools are Mythril, Solhint, Surya, Echidna,
ContractFuzzer, Manticore, Slither and some proprietary software.

The third part is about manually searching smart contracts for
vulnerabilities and for non-optimal gas consumption. The main
patterns were collected while researching dozens of smart
contracts.