AuditOne Docs
Search
K

Auditing and Reporting Process

  1. 1.
    A virtual kickoff meeting is held for the project and auditing teams.
  2. 2.
    The audit pool's lead auditor is chosen based on their abilities and expertise.
  3. 3.
    The codebase is subjected to automated audits by the auditors.
  4. 4.
    Auditors work independently to audit the code manually.
  5. 5.
    Auditor report issues discovered on a private GitHub.
  6. 6.
    Auditors meet to discuss their findings.
  7. 7.
    Lead auditor compiled all findings into a preliminary report.
  8. 8.
    The AuditOne team reviews the preliminary report before sending it to the project.
  9. 9.
    The project addresses any unresolved concerns raised by auditors.
  10. 10.
    Auditors confirm that the revision did not introduce any new problems.
  11. 11.
    AuditOne examines the final report prepared by the lead auditor before delivering it to the project.

Categories of Issues

Severity
Description
High Issues
Funds or control of the contracts can be compromised directly. We recommend fixing high issues with priority as they can lead to severe losses.
Medium Issues
The impact of medium issues is less critical than high but still probable with considerable damage. The protocol or availability could be impacted or leak value with a hypothetical attack path with stated assumptions.
Low Issues
Low issues impose a small risk on the project. Altogether we do not estimate the impact to be too great, and we recommend fixing them on a long-term horizon. E.g., assets are at risk: state handling, function incorrect as to spec, issues with comments.
Quality Assurance
Informational & Optimization: Depicting on the chain, performance issues can lead to a slower execution or higher gas fees. E.g., code style, clarity, syntax, versioning, off-chain monitoring (events, etc.).