Solidity Lab: The Auditors Handbook, The Auditing Process

4. Wrapping Up The Audit

It's been fun

Tie Up Loose Ends

The audit is coming to an end!

Review and resolve every @audit tag, and make sure no note or open thought you left behind remains unresolved. Then take the time to double-check that every finding is in the findings doc and is adequately documented, with accurate line numbers and suggested changes.
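A small loose-ends check, added here as an example rather than taken from the handbook: it lists every `@audit` tag still open in a Solidity tree so nothing is lost before the report is written. The tagging convention it assumes is hypothetical (a reviewer note is a comment containing `@audit`, `@audit-issue`, and so on; a note that has been dealt with is rewritten as `@audit-ok` or `@audit-resolved`), and the sample contracts it scans are constructed inline so it runs offline.

```shell
#!/bin/sh
# Added example, not from the original page: list every `@audit` tag still open
# in a Solidity tree before wrapping up the audit.
# Assumed (hypothetical) convention: an open reviewer note is any comment containing
# `@audit` (`@audit`, `@audit-issue`, `@audit-info`, ...); a handled note is rewritten
# as `@audit-ok` or `@audit-resolved` and is filtered out.

# Print each open tag as path:line:text.
# Usage: list_open_audit_tags <dir>
list_open_audit_tags() {
    # /dev/null forces grep into multi-file mode so the filename is always printed,
    # even when find hands it a single .sol file. `|| true` keeps an empty result
    # from being treated as a failure under `set -e`.
    find "$1" -type f -name '*.sol' -exec grep -n '@audit' /dev/null {} + 2>/dev/null \
        | grep -Ev '@audit-(ok|resolved)' || true
}

# Number of open tags as a bare integer (wc pads with spaces on some platforms).
count_open_audit_tags() {
    list_open_audit_tags "$1" | wc -l | tr -d ' '
}

# Build a constructed sample tree so the check can be run offline. Prints the directory.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/src"
    cat > "$d/src/Vault.sol" <<'EOF'
contract Vault {
    // @audit does withdraw() update the balance before the external call?
    function withdraw() external {}
    // @audit-ok access control verified during review
    function setFee() external {}
    // @audit-resolved written up as finding H-01
    function pause() external {}
}
EOF
    cat > "$d/src/Token.sol" <<'EOF'
contract Token {
    // @audit-issue return value of transfer() is never checked
}
EOF
    echo "$d"
}

# Demo run against the constructed tree: two tags are still open
# (Vault.sol line 2 and Token.sol line 2); the -ok and -resolved notes are skipped.
sample=$(make_sample_tree)
echo "open @audit tags: $(count_open_audit_tags "$sample")"
list_open_audit_tags "$sample"
rm -rf "$sample"
```

Run it against the audit repo's source directory instead of the sample tree; a non-zero count is the list of notes still to resolve before moving on to validation.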

Validate Findings

After everyone has finished their review, go through the findings doc and independently validate each finding. More complex/dubious findings can be discussed and defended as a group.

As a part of the verification process, ensure that the recommended fix fully resolves the issue in a desirable way.

PoCs are critical for sharing and defending a finding, so make sure your PoCs are legible and sufficiently commented.

Create The Report

Now it's time to create the report!

For each valid finding, populate a slide in the report with the description, file/line, criticality, status, and remediation. Read through the description/remediation several times to correct any typos and re-word as necessary.

For high-severity findings, link to their corresponding PoCs for more context.

Deliver the report along with the test suite repo. With the repo included, the team can refer to PoCs, see the due diligence that was done, and perhaps even adopt the test suite as they make remediations.


Last updated 2 years ago
