Security analysis is vital for DAPP development. Fortunately, it is already an industry standard to order a third-party audit. However, initial internal security analysis is also possible and recommended. Still, if you have never audited a smart contract, this might be a challenging task. We have made this guide to shed some light on such a thing as security audit.

This guide is made mainly for beginners. So, if you are pro, you probably won’t find anything new. Nevertheless, if you are a developer, you can use this guide not only to improve the security of the code but also to prepare it for a third-party audit. In that case, an external audit will bring more benefit, since the auditors won’t be distracted by the “obvious” bugs and thus will concentrate on more serious problems.

Security audit can only show the presence of bugs but never their absence. If you simply look through the code and say that there are no vulnerabilities, this also can be called an audit. This means, the difference between pro and novice comes down to experience and possible number of bugs they can find. The more experienced the auditor is, the lower the probability that there are unnoticed vulnerabilities in the code. That is why auditing smart contracts is an easy and very difficult task at the same time.