What we've learned from auditing smart contracts on Code4rena

Pablo Romeo

Head of R&D and Tech Strategy - Co-Founder

Literally thousands of smart contracts are being coded around the world right now. Seriously. There are already 4.6M smart contracts running on Ethereum, with Q4 2022 reaching the highest peak of deployed smart contracts on said blockchain. Quite a number, huh?

But how can we trust smart contracts? Code is powerful, but it’s written by humans, and humans make mistakes. And when there’s money involved—as is the case for DeFi (Decentralized Finance) protocols—you can bet there are people out there looking to profit from any security flaws these projects might have. According to a blockchain analysis firm, USD 3.8 billion was stolen in hacks in 2022 alone.

Fortunately, developers are as committed as ever to continue to make the blockchain ecosystem a safer place.


Introducing: Smart Contract Audits

Our blockchain experts at CloudX are giving back to the crypto community by participating in smart contract audits. Public protocols, such as those deployed on the Ethereum blockchain, might have vulnerabilities that could be exploited by people with malicious intentions. Smart contract audits allow companies working on DeFi projects to guarantee security—or at least increase confidence—in the products they’re developing.

There are private companies that offer this service, but there are also community-driven smart contract audits. We’ve been participating in some contests held on Code4rena, a platform where smart contract developers—aka the Sponsors—put their projects out there for crypto enthusiasts—aka the Wardens—to audit their code. When an audit ends, a team of Judges decides the severity, validity and quality of the findings and rates the performance of the Wardens, who are then rewarded in crypto.

In one of the audits, our blockchain specialists uncovered a vulnerability involving one of the functions provided by OpenZeppelin, one of the most popular libraries of secure, standard building blocks for blockchain applications. In certain cases, this function is incorrectly used to determine whether a protocol is interacting with a contract, and that approach could open a window for potential attackers to seize and drain digital wallets. This is a clear example of how important smart contract audits are, and of how these community-driven projects help make the blockchain environment a safer place each day.

Being involved in smart contract audits boosts our development process, because it puts us in a mindset where we question our own implementations from a different perspective. We’ve found auditing is a fantastic way to learn and to develop a critical eye, which in turn makes us better software developers. Besides, we get to see implementations of protocols hot off the press! This is really interesting because we come into contact with innovative uses of new standards in real-life products that are being launched right now.


On a final note…

Let’s think for a moment: how cool would it be to have experienced Web 1.0 in the making? To be deeply immersed in the technological breakthroughs of the Internet back in the 90s? Well, maybe some of you reading this article actually were! Blockchain is history in the making. The blockchain ecosystem doesn’t stop evolving, and it’s helping to shape a new Internet. Auditing smart contracts is an awesome way to get deep into the foundations of a technology that the next generations will take for granted. We can do our part to make it a more secure place for everyone.