A smart contract audit is a security review of blockchain code by independent researchers to identify vulnerabilities, logic errors, and potential exploits before deployment.
Audits combine manual and automated analysis. Manual review, in which auditors read the code line by line, makes up roughly 90% of the effort. Automated analysis with static analysis tooling such as the detectors in Wake helps surface common vulnerability patterns and code quality problems, but it cannot replace human judgment on complex business logic and protocol-specific risks.
During an audit, security researchers typically:
- Analyze the codebase for known vulnerability patterns (reentrancy, access control issues, arithmetic errors)
- Test edge cases and attack scenarios by deploying contracts locally
- Review business logic against documentation and intended behavior
- Check for compliance with relevant standards (ERC-20, ERC-721, etc.)
- Write fuzz tests for critical functions, using the Wake framework, to drive the contracts into unexpected states that hand-written unit tests would miss
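As an added illustration of the first two bullets (this is example code written for this page, not code from Ackee Blockchain or from any audited protocol), the contracts below show two of the patterns an auditor looks for, the reentrancy and access-control findings, first in a vulnerable vault and then in a hardened version, together with a small attacker contract of the kind used to confirm a finding on a local devnet. All contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Vulnerable vault (hypothetical example contract). A line-by-line review
// yields two findings: (1) withdraw() sends ETH before zeroing the caller's
// balance, so a malicious receive() can re-enter and drain the vault;
// (2) setFeeRecipient() has no access control, so anyone can redirect fees.
contract VulnerableVault {
    mapping(address => uint256) public balances;
    address public feeRecipient;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // Interaction before effect: the balance is still non-zero during the call.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }

    function setFeeRecipient(address newRecipient) external {
        feeRecipient = newRecipient; // missing onlyOwner-style check
    }
}

// Attacker used to confirm the reentrancy finding against VulnerableVault
// when reproducing the issue on a local chain.
contract ReentrancyAttacker {
    VulnerableVault public immutable target;

    constructor(VulnerableVault _target) {
        target = _target;
    }

    function attack() external payable {
        target.deposit{value: msg.value}();
        target.withdraw();
    }

    receive() external payable {
        // Re-enter while the vault still holds enough to pay us out again.
        uint256 owed = target.balances(address(this));
        if (address(target).balance >= owed) {
            target.withdraw();
        }
    }
}

// Hardened version: checks-effects-interactions ordering, a reentrancy
// mutex, and an owner-only setter. With the balance zeroed before the
// external call, the attacker's re-entrant withdraw() reverts on the
// "nothing to withdraw" check even without the mutex; the mutex is
// defence in depth.
contract HardenedVault {
    mapping(address => uint256) public balances;
    address public feeRecipient;
    address public immutable owner;
    uint256 private _locked = 1;

    error NotOwner();
    error Reentrancy();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier nonReentrant() {
        if (_locked == 2) revert Reentrancy();
        _locked = 2;
        _;
        _locked = 1;
    }

    constructor() {
        owner = msg.sender;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0; // effect first
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction last
        require(ok, "transfer failed");
    }

    function setFeeRecipient(address newRecipient) external onlyOwner {
        feeRecipient = newRecipient;
    }
}
```

Deployed on a local devnet, `ReentrancyAttacker.attack()` funded with a small deposit drains `VulnerableVault` of every other depositor's funds, while the same call against `HardenedVault` pays out only the attacker's own deposit. Arithmetic errors, the third pattern named above, are largely covered by Solidity 0.8's checked arithmetic, which is why the example concentrates on ordering and authorization.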
Audit findings are classified by severity – from informational notes to critical vulnerabilities that require immediate fixes. The final report documents all issues found, their potential impact, and recommended fixes.
Ackee Blockchain has performed security audits for protocols including Lido, Aave, Safe, Axelar, and LayerZero. Our reports classify findings into six severity levels: Informational, Warning, Low, Medium, High, and Critical. Read our audit reports here.