Audit report
smart contract audit, security audit
A security firm's written review of smart-contract code, classifying findings by severity and tracking issuer responses.
Reputable audit firms include Trail of Bits, OpenZeppelin, Certora, Spearbit, ChainSecurity, and Halborn. A clean audit is necessary but not sufficient — many post-audit exploits have stemmed from oracle manipulation, governance attacks, or upgradeable-proxy mistakes that fell outside the audit scope.
Related terms
- Trail of Bits: A leading security firm that audits high-value smart contracts — best known for their depth on cryptographic primitives.
- OpenZeppelin: A leading smart-contract security firm and the maintainer of OpenZeppelin Contracts — the most-used Solidity library.
- Certora: A formal-verification firm that produces machine-checked proofs of smart-contract invariants.
- Formal verification: Mathematical proof that a smart contract satisfies stated invariants under all reachable program states.
- Bug bounty: A standing reward programme paying ethical hackers for responsibly disclosed vulnerabilities.