The audit usually takes about two weeks if the source lines of code are small. If the project is more complex and source lines of code are large (e.g.,> 5000), it can take 1 to 2 months.
Once the preparation phase is completed, during the first step of our audit, AuditOne team members talk to the client to fully understand the product and to agree on the scope (at a later stage, our auditor committee will own this task). Here, AuditOne requests supporting documentation and potential questions arising from the initial review. For open-source projects, we browse through the GitHub repository and achieve this step by ourselves.
For communication, we use mainly our Discord server. For every audit, we make a dedicated channel visible to the AuditOne team, the involved auditors, and the project team.
Our auditors discuss their findings and peer-review them to ensure strong validation, especially for high & critical issue findings. Every auditor will draft a report with our reporting tool that guides them through standardized industry checks.
Yes, all our auditors must complete KYC and pass our onboarding tests. During the test, we provide them with real examples of malicious smart contracts and examine their knowledge of tools, procedures, and smart contract functions. Once applicants complete the test, our senior smart contract auditors review the results upon which the applicant can be admitted or rejected.
Our senior auditors have 3+ years of experience with auditing and smart-contract development. Most also work on freelance platforms such as Code4rena, where they achieved high rankings by participating in numerous audits.
It depends on the complexity of the smart contract and the difficulty of the functions in it. Generally, costs are based on the SLOC. However, we are more affordable than the competitors since we reduce the fixed costs through our platform and take only a small fee for the audit. Please contact us for a quote: we will quickly evaluate your code and give you a high-level estimate of the costs.
Almost all languages and chains. Contact us for more information (hello@auditone.io)
You will have time to resolve issues or hand in cases of doubt before moving to the reporting phase. The project should resolve all issues. However, you can also leave issues as they are. The final report will indicate “acknowledged” instead of “resolved”.
Read our blog on “How to prepare for a successful smart-contract audit”