Runtime Verification Audit Readiness Guide
Expert Verification
All of our engineers are trained formal methods experts, and we take a formal verification-oriented approach to security audits.
Maximize Your Audit
To help you get the full experience and maximum benefit from our security reviews, we've prepared the audit readiness guide.
- Freeze Your Code
Make sure your code is 'feature-frozen' at least 2 days before the audit begins.
- Clean & Readable
Fix compiler warnings and remove dead or unused code.
- Imports & Dependencies
Make sure third-party libraries are locked to specific versions.
- High Test Coverage
Ensure that your tests cover the core functionality of your protocol.
- Edge Cases
Include edge and negative test cases.
- Migration and Integration Checks
Test the integration points between your protocol and external systems.
- Fuzzing Tests
Add fuzzing or property-based tests if available.
- Protocol Overview
Write a simple overview of how your protocol works and its main components.
- Protocol Diagram
Supply a simple diagram of how contracts interact internally and externally.
- Code Comments
Use NatSpec or inline comments for complex logic or security-critical sections.
- Setup Guide
Share a quick setup guide for installing dependencies.
- Deployment Steps
Include instructions for building and deploying the contracts.
- Previous Audits / Known Issues
Share any prior audit reports or known security considerations.
- Scope Definition
List contracts/files to be audited vs. excluded.
- Monorepo Specification
If using a monorepo, specify which folders apply to the audit.
- Deployment Timeline
Communicate any critical deployment dates.
- Designate a Point of Contact
Designate a point of contact who will be available during the entire audit window.
- Prompt Response
Respond promptly to questions or clarifications from our team.
- Fix Review
Plan a quick turnaround for applying fixes and letting us re-check them.