Security Audit Steps
- Initial Review
  - Scoping
  - Reconnaissance
  - Vulnerability identification
  - Reporting
- Protocol fixes
  - Fixes issues
  - Retests and adds tests
- Mitigation Review
  - Reconnaissance
  - Vulnerability identification
  - Reporting
First Audit: Password Storage
Link: https://sepolia.etherscan.io/address/0x2ecf6ad327776bf966893c96efb24c9747f6694b#code
First step: check for compliance with the Rekt Test.
The Rekt Test Questions
1. Do you have all actors, roles, and privileges documented?
2. Do you keep documentation of all the external services, contracts, and oracles you rely on?
3. Do you have a written and tested incident response plan?
4. Do you document the best ways to attack your system?
5. Do you perform identity verification and background checks on all employees?
6. Do you have a team member with security defined in their role?
7. Do you require hardware security keys for production systems?
8. Does your key management system require multiple humans and physical steps?
9. Do you define key invariants for your system and test them on every commit?
10. Do you use the best automated tools to discover security issues in your code?
11. Do you undergo external audits and maintain a vulnerability disclosure or bug bounty program?
12. Have you considered and mitigated avenues for abusing users of your system?
Evaluating finding severity (CodeHawks): https://docs.codehawks.com/hawks-auditors/how-to-evaluate-a-finding-severity
High Impact:
1. Funds are directly or nearly directly at risk.
2. There's a severe disruption of protocol functionality or availability.
Medium Impact:
1. Funds are indirectly at risk.
2. There's some level of disruption to the protocol's functionality or availability.
Low Impact:
1. Funds are not at risk.
2. However, a function might be incorrect, state might not be handled appropriately, etc.
Automated tools (static analysis, run from the project root):
- Slither
  slither .
- Aderyn
  aderyn --root .
Let's work together to build secure and resilient applications! 🔒✨