Smart contracts: audit em all like a security engineer

Dont let reentrancy and front-running attacks, signature replay, gas issues, sensitive data leakage, deadlocks, and various kinds of vulnerabilities in smart contracts pfaff you around.

Blockchain systems are often taken as safe and secure by default. But oops they are not until someone takes proper care of their security. Do you know that smart contracts, which are code stored on a blockchain, can be abused and misused just like other software?

In our new engineering blog post Smart contract security audit: tips & tricks , weve gathered tips & tricks that will help you eliminate risks and threats and happily survive in this wild wild west.

The first step is a security audit.

Security audit of smart contracts differs from auditing "traditional software". Weve spent years building, auditing, and improving security / cryptography within cryptocurrency fundamental protocols, nodes, wallets (must check Crypto wallets security as seen by security engineers ), and bridges, so we have lots to tell about it ;)

To cover what you need to secure the smart contracts code, infrastructure, and data flow, weve focused on the Tezos network and freshly-baked audit of the Tezos Project in Allbridge Classic . Dive in!

Smart contracts have a lot in common with distributed applications but differ in details. They are generally small and easier to review. They have unique threat vectors, like malicious bakers or gas exhaust. They dont store any private data but they still operate with sensitive information: signatures, administrator addresses, user balances, etc. Check them out!