Evaluating the initial commit and the last commit with the fixes, Vidma audit team set the following codebase quality mark.
Score
Based on the overall result of the audit and the state of the final reviewed commit, the Vidma audit team grants the following score:
In addition to manual check and static analysis, the auditing team has conducted a number of integrated autotests to ensure the given codebase has an adequate performance and security level. The test results and coverage can be found in the accompanying section of this audit report.
Please be aware that this audit does not certify the definitive reliability and security level of the contract. This document describes all vulnerabilities, typos, performance issues, and security issues found by the Vidma audit team.
If the code is still under development, we highly recommend running one more audit once the code is finalized.
Vidma audit team uses the most sophisticated and contemporary methods and well-developed techniques to ensure contracts are free of vulnerabilities and security risks. The overall workflow consists of the following phases:
After the Audit kick-off, our security team conducts research on the contract’s logic and expected behavior of the audited contract.
Vidma auditors do a deep dive into your tech documentation with the aim of discovering all the behavior patterns of your codebase and analyzing the potential audit and testing scenarios.
At this point, the Vidma auditors are ready to kick off the process. We set the auditing strategies and methods and are prepared to conduct the first audit part.
During the manual phase of the audit, the Vidma team manually looks through the code in order to find any security issues, typos, or discrepancies with the logic of the contract. The initial commit as stated in the agreement is taken into consideration.
Static analysis tools are used to find any other vulnerabilities in smart contracts that were missed after a manual check.
An interim report with the list of issues.
Within the testing part, Vidma auditors run integration tests using the Truffle or Hardhat testing framework. The test coverage and the test results are inserted in the accompanying section of this audit report.
Second interim report with the list of new issues found during the testing part of the audit process.
For simplicity in reviewing the findings in this report, Vidma auditors classify the findings in accordance with the severity level of the issues. (from most critical to least critical).
All issues are marked as “Resolved” or “Unresolved”, depending on if they have been fixed by project team or not. The issues with “Not Relevant” status are left on the list of findings but are not eligible for the score points deduction.
The latest commit with the fixes reviewed by the auditors is indicated in the “Scope of Work” section of the report.
The Vidma team always provides a detailed description of the issues and recommendations on how to fix them.
Classification of found issues is graded according to 6 levels of severity described below: