A comprehensive guide on how to audit

Jun 26 · 10 min of reading

Nowadays, protocols are becoming more and more complex and introduce modular patterns into their systems.

Here’s a comprehensive guide on how to audit and understand the different types of contracts within a larger project.

1. Libraries

Libraries are toolkits that contracts can utilize without inheriting them directly. They're imported into contracts and are instrumental in providing utility functions for:

Safe transfers: Ensuring asset transfers occur without errors.

Hook checks: Validating conditions before or after certain actions.

De/encoding: Handling data in various formats.

Queues/orderbooks: Managing data structures for complex operations.

Math operations: Performing calculations reliably.

And more.

Audit Focus: Ensure libraries are used appropriately and check for misuse or misimplementation of their functions in contracts. Verify that library functions do not introduce vulnerabilities, especially in critical areas like asset transfers and data handling.
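As an added example (not code from the original article or any particular project), here is what the "safe transfers" misuse case looks like in Solidity. The `SafeTransfer` library, the `IERC20` interface and the two vault contracts are all hypothetical: the first vault attaches the library but still calls the raw `transfer` and drops its result, which is exactly the inconsistency an auditor should flag; the second uses the library on every asset movement.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal ERC-20 surface used below (constructed for this example).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical safe-transfer library written for this example. Some tokens
/// return false instead of reverting, and some return no data at all; the
/// wrapper treats "call failed" and "returned false" alike as an error.
library SafeTransfer {
    error TransferFailed(address token);

    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeCall(IERC20.transfer, (to, amount)));
    }

    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeCall(IERC20.transferFrom, (from, to, amount)));
    }

    function _callOptionalReturn(IERC20 token, bytes memory callData) private {
        // A low-level call to an address without code "succeeds" with empty
        // return data, so insist on a deployed contract first.
        if (address(token).code.length == 0) revert TransferFailed(address(token));
        (bool ok, bytes memory ret) = address(token).call(callData);
        // Accept either no return data (non-standard token) or an ABI-encoded true.
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferFailed(address(token));
        }
    }
}

/// Misuse an auditor flags: the library is attached, but `withdraw` still
/// calls the raw `transfer` and drops its boolean result. With a token that
/// returns false on failure, the balance is debited and nothing is paid out.
contract VaultUnchecked {
    using SafeTransfer for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public balances;

    constructor(IERC20 token_) { token = token_; }

    function deposit(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        balances[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external {
        balances[msg.sender] -= amount;      // reverts on underflow in 0.8.x
        token.transfer(msg.sender, amount);  // BUG: return value ignored
    }
}

/// Same vault with the library used consistently: a failed transfer reverts,
/// so the balance debit above it is rolled back with the whole transaction.
contract VaultChecked {
    using SafeTransfer for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public balances;

    constructor(IERC20 token_) { token = token_; }

    function deposit(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        balances[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external {
        balances[msg.sender] -= amount;
        token.safeTransfer(msg.sender, amount);  // reverts if the token reports failure
    }
}
```

When reviewing a codebase that ships such a library, grep for every raw `.transfer(` / `.transferFrom(` call on a token and confirm each one either goes through the wrapper or checks the return value itself; a single unchecked call in a withdraw path is enough to desynchronise the contract's accounting from the token's balances.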

2. Abstract Contracts

Abstract contracts serve as the backbone for other contracts. They define a set of functionalities without fully implementing them, allowing derived contracts to implement the details. These are especially common in systems where core functionalities like staking are extended in various forms (e.g., staking1, staking2).

Audit Focus: Understand the base functionalities these abstract contracts define and how they're inherited and utilized by other contracts. Ensure that the derived contracts correctly implement and extend these base functionalities without introducing inconsistencies or security flaws.

3. Core Contracts [1] - Internal/Logic Functions

These contracts are critical as they handle the internal logic and data manipulation of the protocol. They're often not called directly by users but through other external-facing contracts.

Audit Focus: Look for logical bugs and vulnerabilities in data manipulation and internal function implementations. Verify that internal functions are correctly authorized and cannot be misused by external entities.

4. Core Contracts [2] - External Functions

This subset of core contracts deals with interactions with the outside world. They're designed to receive inputs from transactions, validate them, and direct them to the appropriate internal logic functions.

Audit Focus: Stress-test these contracts with various inputs and conditions to uncover potential vulnerabilities. Pay special attention to input validations, authorization checks, and how different condition paths are handled. Think creatively about possible attack vectors that could exploit the interaction between external and internal functions.
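The three sections above (abstract base, internal logic functions, external entry points) usually show up together in one inheritance tree, so here is a single added example covering all of them. It is hypothetical code written for this guide, not taken from any project: `BaseStaking` is the abstract contract, `_stake`/`_unstake` are the internal logic functions that perform no caller checks of their own, `stake`/`unstake` are the external functions where validation and authorization live, and `LockedStaking` is one derived variant ("staking1") that fills in the hooks.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Abstract base: shared accounting plus the hook points a derived contract
/// must implement. (Hypothetical contract written for this example.)
abstract contract BaseStaking {
    mapping(address => uint256) internal _staked;
    uint256 public totalStaked;
    address public immutable owner;
    bool public paused;

    error NotOwner();
    error Paused();
    error ZeroAmount();
    error EthSendFailed();

    constructor() { owner = msg.sender; }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // Declared but not implemented: every derived contract decides the policy.
    function _beforeStake(address account, uint256 amount) internal virtual;
    function _beforeUnstake(address account, uint256 amount) internal virtual;

    // ---- Core [1]: internal/logic functions. No caller checks here; they rely
    //      on the external entry points below having validated already, which
    //      is why they must stay `internal` and never be exposed directly.
    function _stake(address account, uint256 amount) internal {
        _staked[account] += amount;
        totalStaked += amount;
    }

    function _unstake(address account, uint256 amount) internal {
        _staked[account] -= amount;  // underflow reverts: cannot unstake more than staked
        totalStaked -= amount;
    }

    // ---- Core [2]: external functions. Input validation, pause and hook
    //      checks happen here, before any state change.
    function stake() external payable {
        if (paused) revert Paused();
        if (msg.value == 0) revert ZeroAmount();
        _beforeStake(msg.sender, msg.value);
        _stake(msg.sender, msg.value);
    }

    function unstake(uint256 amount) external {
        if (amount == 0) revert ZeroAmount();
        _beforeUnstake(msg.sender, amount);
        _unstake(msg.sender, amount);                  // effects first ...
        (bool ok, ) = msg.sender.call{value: amount}(""); // ... interaction last
        if (!ok) revert EthSendFailed();
    }

    function setPaused(bool p) external onlyOwner { paused = p; }

    function stakedOf(address account) external view returns (uint256) {
        return _staked[account];
    }
}

/// Derived variant "staking1": adds a per-account lock period via the hooks.
/// A second variant ("staking2") would override the same two hooks differently.
contract LockedStaking is BaseStaking {
    uint256 public immutable lockPeriod;
    mapping(address => uint256) public unlockAt;

    error StillLocked(uint256 unlockAt);

    constructor(uint256 lockPeriod_) { lockPeriod = lockPeriod_; }

    function _beforeStake(address account, uint256) internal override {
        unlockAt[account] = block.timestamp + lockPeriod;
    }

    function _beforeUnstake(address account, uint256) internal override {
        if (block.timestamp < unlockAt[account]) revert StillLocked(unlockAt[account]);
    }
}
```

The audit questions this structure raises map directly onto the sections above: for the abstract contract, does every derived variant implement both hooks with a policy consistent with the base's assumptions; for the internal functions, is every one of them `internal` (a `public _unstake` would bypass `_beforeUnstake` entirely); and for the external functions, does every path that reaches `_stake`/`_unstake` pass through the validation and hook calls first, including any extra entry points a derived contract adds.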

5. Auxiliary Contracts

Auxiliary contracts support the main protocol without being a core part of it. Examples include tokens, treasury management, vesting contracts, and more. These contracts often have a more isolated functionality compared to the intertwined nature of core components.

Audit Focus: Because they're less interconnected, you can audit these contracts more linearly. Review each contract's code for vulnerabilities, ensuring that its implementation aligns with the intended functionality and security standards.
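As an added example of an auxiliary contract that can be audited on its own (hypothetical code written for this guide, not from any project), here is a single-beneficiary linear vesting contract. Its only external dependency is the token it pays out, so the review reduces to checking the constructor invariants, the `vestedAmount` schedule, and the ordering of state update and token transfer in `release`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal ERC-20 surface needed here (constructed for this example).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Hypothetical linear vesting with a cliff for one beneficiary.
contract LinearVesting {
    IERC20 public immutable token;
    address public immutable beneficiary;
    uint64 public immutable start;      // timestamp vesting is measured from
    uint64 public immutable cliff;      // absolute timestamp; nothing vests before it
    uint64 public immutable duration;   // seconds from start until fully vested
    uint256 public immutable totalAllocation;
    uint256 public released;

    error NotBeneficiary();
    error NothingToRelease();
    error TransferFailed();

    constructor(
        IERC20 token_,
        address beneficiary_,
        uint64 start_,
        uint64 cliffSeconds,
        uint64 duration_,
        uint256 totalAllocation_
    ) {
        // Invariants an auditor checks first: without them the schedule below
        // can divide by zero or never release anything.
        require(beneficiary_ != address(0), "zero beneficiary");
        require(duration_ > 0, "zero duration");
        require(cliffSeconds <= duration_, "cliff exceeds duration");
        token = token_;
        beneficiary = beneficiary_;
        start = start_;
        cliff = start_ + cliffSeconds;
        duration = duration_;
        totalAllocation = totalAllocation_;
    }

    /// Vested amount at `timestamp`: 0 before the cliff, linear in elapsed time
    /// until start + duration, then the full allocation. Monotonic in time.
    function vestedAmount(uint64 timestamp) public view returns (uint256) {
        if (timestamp < cliff) return 0;
        if (timestamp >= start + duration) return totalAllocation;
        return (totalAllocation * (timestamp - start)) / duration;
    }

    function releasable() public view returns (uint256) {
        return vestedAmount(uint64(block.timestamp)) - released;
    }

    function release() external {
        if (msg.sender != beneficiary) revert NotBeneficiary();
        uint256 amount = releasable();
        if (amount == 0) revert NothingToRelease();
        released += amount;  // effect before the external call
        if (!token.transfer(beneficiary, amount)) revert TransferFailed();
    }
}
```

The linear review here is short: `released` can never exceed `totalAllocation` because `vestedAmount` is capped, `timestamp - start` cannot underflow because `cliff >= start`, and the contract only works as intended if it is actually funded with `totalAllocation` tokens at deployment, which is a deployment-script check rather than a code check.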
