What steps should be taken by companies preparing for a smart contract audit?
Below are our recommendations for companies looking to engage smart contract auditors.
Not certain what you want audited yet? No issue, many companies can work alongside you in order to be able to adapt to the changing security of your new project. That said, most audit reports are based off of a singular hash (or series of hashes) relating to your overall repository. In order to assure your users that you are taking the proper steps for their security, focus on providing an easily identifiable hash, such as a Git commit. Scoping to this amount will allow you a clear price and timeline.
Timelines are absolutely critical in launching in crypto. Launch too early, and you may miss a huge business opportunity. Launch too late, and you may miss the next big industry rush. Either way, ensure that your launch is not impeded by smart contract security. If you are aiming to launch shortly after an audit - make that clear to your auditors up front. While not very often, certain fixes may result inlarge structural changes which require more time than intended.
Ensure you have your engineers on staff. Many potential findings are simply the result of a false positive. Having someone reachable regarding your protocol is critical.