> For the complete documentation index, see [llms.txt](https://book.dragonsploit.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://book.dragonsploit.com/web3/process.md).

# Audit Process

## Audit Process

When starting an audit, it is good to decide in advance when you are going to stop.

> I set myself the goal of fully understanding the system to the point where I could reimplement it from scratch without being allowed a look at the original codebase. Not from remembering the code, but from having understood what the application is supposed to do. If you have examined a project that far and have not found a bug, the chances of finding one by continuing are low. However, if there is a bug in there, your chances of finding it with this method are high.

\- Alexander Schlindwein

The audit process will differ depending on whether you are auditing for a bug bounty program, reviewing your own code, or have been hired, either directly or through an organization. The basic idea behind each of the steps below should nevertheless be considered for every audit.

1. Go through a [pre-audit](https://github.com/man715/HackNotes/blob/main/web3/process/pre-audit.md) checklist with the project team
2. Read the specification/documentation of the project to understand the requirements, design and architecture
3. Run fast automated tools such as linters or static analyzers to catch common Solidity pitfalls or missing smart contract best practices
4. Manually analyze the code to understand the business logic and detect vulnerabilities in it
5. Look over the layout to see whether it matches best practice (see Layout below) and, if it does not, understand how the code is organized
6. Create a data flow diagram (consider using tools to help with this, such as [ThreatDragon](https://github.com/man715/HackNotes/blob/main/web3/tools/threat-dragon.md), [Etherscan](https://github.com/man715/HackNotes/blob/main/web3/tools/etherscan.md) or [VS Code Solidity Auditor](https://github.com/man715/HackNotes/blob/main/web3/tools/vscode-solidity-auditor/README.md))
7. Run slower but deeper automated tools such as symbolic checkers, fuzzers or formal verification analyzers; these typically require formulating properties/constraints beforehand, hand-holding during the analysis and some post-run evaluation of their results
8. Create proof-of-concept attacks to validate any findings
9. Communicate status with the project team and get clarification on business logic or the threat model
10. Write a report summarizing the above with details on findings and recommendations
11. Deliver the report to the project team and discuss findings, severity and potential fixes
12. Evaluate fixes from the project team and verify that they indeed removed or mitigated the vulnerabilities identified in the findings

Steps 1-6 are cyclical in nature rather than check-off-and-move-on: what you learn in manual analysis sends you back to the documentation, the diagrams and the tooling.

***Note:** some auditors skip step 2 and go directly to step 3, because documentation can lead you astray when it is wrong or misleading; the code is the source of truth. Even then, a later pass over the documentation is worthwhile: a mismatch between what the documentation promises and what the code does is itself a finding.*

### Layout

1. pragma directives
2. import directives
3. Structs/Enums/Contracts
   1. state variables
   2. events
   3. errors
   4. modifiers
   5. constructor
   6. functions
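As an added example (not from this page or any project it references), the following Python script checks a Solidity file against the declaration order listed above, so that step 5 can be done mechanically before the manual read. It is a regex heuristic rather than a parser: it tracks brace depth so that only contract-scope lines are classified, assumes that structs and enums inside a contract precede state variables (the Solidity style guide order), and treats any other contract-scope line ending in `;` as a state variable (so a multi-line declaration whose last line is `);` will be misclassified). The `Vault` and `Token` contracts are constructed samples.

```python
"""Check a Solidity file against the declaration order listed above (added example)."""
import re

# Order of top-level directives, then of members inside a contract body. Structs and
# enums are assumed to precede state variables (Solidity style guide order).
TOP_LEVEL_ORDER = ["pragma", "import", "contract"]
MEMBER_ORDER = ["type", "state variable", "event", "error", "modifier", "constructor", "function"]

TOP_PATTERNS = [
    ("pragma", re.compile(r"^pragma\s")),
    ("import", re.compile(r"^import\s")),
    ("contract", re.compile(r"^(abstract\s+)?(contract|interface|library)\s+\w+")),
]
MEMBER_PATTERNS = [
    ("type", re.compile(r"^(struct|enum)\s+\w+")),
    ("event", re.compile(r"^event\s+\w+")),
    ("error", re.compile(r"^error\s+\w+")),
    ("modifier", re.compile(r"^modifier\s+\w+")),
    ("constructor", re.compile(r"^constructor\s*\(")),
    ("function", re.compile(r"^(function\s+\w+|fallback\s*\(|receive\s*\()")),
]


def _strip_comments(src: str) -> str:
    # Keep the newline count of block comments so reported line numbers stay valid.
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def _classify_member(line: str):
    for kind, pat in MEMBER_PATTERNS:
        if pat.match(line):
            return kind
    # Any other contract-scope statement is a state variable; 'using X for Y;' is ignored.
    if line.endswith(";") and not line.startswith("using "):
        return "state variable"
    return None


def check_layout(src: str) -> list:
    """Return (line_no, kind, preceding_kind) for every declaration that appears
    after a kind the layout says should come later."""
    findings = []
    depth, last_top, last_member = 0, -1, -1
    for n, raw in enumerate(_strip_comments(src).splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if depth == 0:
            for kind, pat in TOP_PATTERNS:
                if pat.match(line):
                    rank = TOP_LEVEL_ORDER.index(kind)
                    if rank < last_top:
                        findings.append((n, kind, TOP_LEVEL_ORDER[last_top]))
                    last_top = max(last_top, rank)
                    if kind == "contract":
                        last_member = -1  # each contract body starts its own member order
                    break
        elif depth == 1:
            kind = _classify_member(line)
            if kind is not None:
                rank = MEMBER_ORDER.index(kind)
                if rank < last_member:
                    findings.append((n, kind, MEMBER_ORDER[last_member]))
                last_member = max(last_member, rank)
        depth += line.count("{") - line.count("}")
    return findings


# Constructed samples: one following the layout, one with members out of order.
GOOD = """\
pragma solidity ^0.8.20;
import "./IERC20.sol";

contract Vault {
    struct Position { uint256 amount; uint64 since; }
    IERC20 public immutable token;
    mapping(address => Position) public positions;
    event Deposited(address indexed who, uint256 amount);
    error NotOwner();
    modifier onlyOwner() { _; }
    constructor(IERC20 _token) { token = _token; }
    function deposit(uint256 amount) external {}
}
"""

BAD = """\
pragma solidity ^0.8.20;

contract Token {
    event Transfer(address indexed from, address indexed to, uint256 value);
    mapping(address => uint256) public balanceOf;
    function transfer(address to, uint256 value) external returns (bool) { return true; }
    modifier onlyOwner() { _; }
}
"""

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        for line_no, kind, before in check_layout(sample):
            print(f"line {line_no}: {kind} declared after {before}")
```

Run against `BAD` it reports the state variable declared after an event and the modifier declared after a function; an empty result for a file does not mean the layout is good, only that nothing in it contradicts the listed order.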

## Where to Start

When presented with several contracts and hundreds of lines of code, it can be daunting to find a starting place for the manual review. Consider starting with either the [asset flow](https://github.com/man715/HackNotes/blob/main/asset-flow.md) (where value enters, is held and leaves the contracts) or the [access control](https://github.com/man715/HackNotes/blob/main/access-control.md) (who may call which state-changing functions) areas of the smart contract.
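As an added example (not the page's or any project's tooling), the following Python script builds that starting list from a Solidity file, in the spirit of the fast first-pass tooling of step 3: it extracts every function with its visibility, mutability and applied modifiers, searches each body for calls that move value out (a constructed list of sinks such as `.call{value`, `.transfer(` and `safeTransfer(`), and orders the functions so that externally reachable, value-moving functions with no modifier come first. It is a regex heuristic meant to produce a reading order for manual review, not a substitute for a static analyzer; `Treasury` is a constructed sample contract.

```python
"""Order a Solidity file's functions for review by asset flow and access control (added example)."""
import re
from dataclasses import dataclass

# Constructed list of calls that move ETH or tokens out of the contract (asset flow).
VALUE_SINKS = (".call{value", ".transfer(", ".send(", "safeTransfer(", "safeTransferFrom(",
               "transferFrom(", "selfdestruct(", "_mint(", "_burn(", "delegatecall(")
VISIBILITY = {"public", "external", "internal", "private"}
MUTABILITY = {"view", "pure", "payable"}
KEYWORDS = VISIBILITY | MUTABILITY | {"virtual", "override"}
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)([{;])")


@dataclass
class Func:
    name: str
    visibility: str
    mutability: str   # "view", "pure", "payable" or "nonpayable"
    modifiers: list   # applied modifiers, e.g. ["onlyOwner"]: the access-control surface
    sinks: list       # value sinks found in the body: the asset-flow surface
    line: int


def _strip_comments(src: str) -> str:
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def _body_at(src: str, start: int) -> str:
    """Return the brace-balanced block beginning at src[start] == '{'."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[start:i + 1]
    return src[start:]


def parse_functions(src: str) -> list:
    src = _strip_comments(src)
    funcs = []
    for m in FUNC_RE.finditer(src):
        name, _params, spec, terminator = m.groups()
        # Drop returns(...) / override(...) clauses so their contents are not read as modifiers.
        spec = re.sub(r"\b(returns|override)\s*\([^)]*\)", "", spec)
        names = [t.split("(")[0] for t in re.findall(r"\w+(?:\s*\([^)]*\))?", spec)]
        visibility = next((n for n in names if n in VISIBILITY), "unspecified")
        mutability = next((n for n in names if n in MUTABILITY), "nonpayable")
        modifiers = [n for n in names if n not in KEYWORDS]
        body = _body_at(src, m.end() - 1) if terminator == "{" else ""
        sinks = [s for s in VALUE_SINKS if s in body]
        funcs.append(Func(name, visibility, mutability, modifiers, sinks,
                          src.count("\n", 0, m.start()) + 1))
    return funcs


def risk_rank(f: Func) -> int:
    """0 = read first ... 4 = read last."""
    if f.visibility not in ("public", "external"):
        return 4          # only reachable through a public/external caller; review with it
    if f.mutability in ("view", "pure"):
        return 3
    if f.sinks and not f.modifiers:
        return 0          # anyone can call it and value leaves the contract
    if f.sinks:
        return 1          # value leaves, but gated: the modifier is what you must verify
    return 2              # reachable state change: check whether it needs access control


def triage(src: str) -> list:
    """Functions ordered by review priority: asset flow first, then access control."""
    return sorted(parse_functions(src), key=lambda f: (risk_rank(f), f.line))


# Constructed sample contract for the example.
SAMPLE = """\
pragma solidity ^0.8.20;

contract Treasury {
    address public owner;
    mapping(address => uint256) public balanceOf;
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    constructor() { owner = msg.sender; }
    function deposit() external payable { balanceOf[msg.sender] += msg.value; }
    function withdraw(uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient");
        balanceOf[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
    }
    function sweep(address payable to) external onlyOwner { to.transfer(address(this).balance); }
    function setOwner(address newOwner) public onlyOwner { owner = newOwner; }
    function _credit(address who, uint256 amount) internal { balanceOf[who] += amount; }
}
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(risk_rank(f), f.name, f.visibility, f.mutability, f.modifiers or "-", f.sinks or "-")
```

For the sample, `withdraw` (anyone can call it and ETH leaves via `.call{value`) comes first, then `sweep` (value leaves but only through `onlyOwner`, so that modifier is what you verify next), then the remaining reachable state changes, and the internal helper last. A rank of 0 is a reading order, not a finding: `withdraw` paying out a caller's own balance is expected behaviour, and the manual review decides whether the accounting around it is sound.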

