gm all fellow tech enthusiasts and startup aficionados! As we journey forth in the pursuit of innovation, it has become paramount that we undergo an audit of our endeavors, my frens. This is especially true in relation to our investors. We embarked upon a holistic approach in tackling the smart contract framework, requiring the assembly of pertinent docs, video presentations, GitHub code, and, of course, a preliminary security audit.
Before the audit, 6 months after launch, our blockchain developer ecosystem included the following:
- Informal security audit
- Meticulous documentation and lucid descriptions of our APIs, versions of our smart contract framework/developer docs
- Impeccable recording of a video introduction/podcast
- Cognizant utilization of GitHub with source code
Auditor | Type | Price | Comment | Also audited |
---|---|---|---|---|
WatchPug | 1-day review, full audit | $35k | recommended for the first iteration | Code4rena participant |
Pessimistic | full audit | $18k | quite cheap, recommended for the first iteration | xdao |
Hacken | full audit | | | |
BlockSec | full audit | | | |
Code4rena | bug bounty | by choice | not so effective | |
Immunefi | bug bounty | by choice | post-launch | |
Cmichel | 1-day review | | | |
ChainSecurity | full audit | $200-300k | | Compound |
MixBytes | full audit | $50k | what is left of the initial MixBytes (not recommended) | Aragon |
Statemind | full audit | $25k per week; 1000 LOC for 1 week | founded by the MixBytes team; seems to be overpriced; small team | Aragon |
CertiK | full audit | | not recommended, only static analysis & auto tests | |
Mudit Gupta | | | | |
Oh boy, this topic was one doozy! I poured my heart, soul, and everything in between into it. I’m talking tears, sweat, and maybe even a bit of blood (not gonna lie, it got that intense – I wish I could say that I battled it out with some feisty blockchain developers, but alas, we actually got along quite swimmingly.) In the end, we went with Pessimistic.