
Building on the concept of invariant tests, I've developed my own approach to auditing smart contracts, which I term "invariant-based auditing." This method shares a philosophical lineage with invariant testing but diverges in its execution: it is manual rather than automated.
The process of invariant-based auditing unfolds in a fairly structured manner:
1. Define All Invariants for the Contract:
The first step involves identifying and clearly defining all the invariants pertinent to the specific contract under scrutiny. These invariants represent the core principles or conditions that must remain constant, regardless of the contract's state transitions.
2. Manual Review: Functions and Transitions:
Next, I undertake a thorough manual review of all functions within the contract, along with their corresponding state transitions. This step is crucial for manually ensuring that the identified invariants hold across all possible scenarios.
3. In-Depth Variable and State Change Analysis:
The final step involves a detailed examination of each state variable, specifically looking for any change in its value. During this phase, I also perform a meticulous check of the invariants against these state changes to ensure they consistently hold true.
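To make the three steps concrete, here is an added example (not the author's own code or contract): an executable model of a hypothetical share-based vault with its invariants written down explicitly (step 1), and a replay of each function call that re-checks every invariant after the state change it causes (steps 2 and 3). The vault, its invariants, the constructed defect in `withdraw`, and the scenario are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

@dataclass
class Vault:  # constructed model of a hypothetical share-based vault, not a real contract
    total_supply: int = 0                                   # shares outstanding
    total_assets: int = 0                                   # underlying tokens held
    balances: Dict[str, int] = field(default_factory=dict)  # shares per account

    def deposit(self, who: str, amount: int) -> None:
        # First depositor is minted 1:1; later depositors get pro-rata shares.
        shares = amount if self.total_supply == 0 else amount * self.total_supply // self.total_assets
        self.total_assets += amount
        self.total_supply += shares
        self.balances[who] = self.balances.get(who, 0) + shares

    def withdraw(self, who: str, shares: int) -> None:
        if self.balances.get(who, 0) < shares:
            raise ValueError("insufficient shares")
        assets = shares * self.total_assets // self.total_supply
        self.balances[who] -= shares
        self.total_assets -= assets
        # Constructed defect: the burned shares are never removed from total_supply.

# Step 1: every invariant written down as a named predicate over the contract state.
INVARIANTS: Dict[str, Callable[[Vault], bool]] = {
    "sum(balances) == totalSupply": lambda v: sum(v.balances.values()) == v.total_supply,
    "totalSupply == 0 iff totalAssets == 0": lambda v: (v.total_supply == 0) == (v.total_assets == 0),
    "no negative balance": lambda v: all(b >= 0 for b in v.balances.values()),
}

def broken_invariants(v: Vault) -> List[str]:
    return [name for name, holds in INVARIANTS.items() if not holds(v)]

# Steps 2 and 3: replay each call and re-check every invariant after the state change it causes.
def audit(transitions: List[Tuple[str, Callable, tuple]]) -> List[Tuple[str, str]]:
    v = Vault()
    findings: List[Tuple[str, str]] = []
    for label, fn, args in transitions:
        fn(v, *args)
        findings.extend((label, name) for name in broken_invariants(v))
    return findings

# Constructed scenario: alice's stale shares dilute bob (he gets back 16 of his 50 tokens).
SCENARIO = [
    ("deposit(alice, 100)", Vault.deposit, ("alice", 100)),
    ("deposit(bob, 50)", Vault.deposit, ("bob", 50)),
    ("withdraw(alice, 100)", Vault.withdraw, ("alice", 100)),
    ("withdraw(bob, 50)", Vault.withdraw, ("bob", 50)),
]
```

`audit(SCENARIO)` reports the supply invariant as broken from alice's withdrawal onward, which is exactly the state change step 3 is meant to surface before a user like bob is shortchanged.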
Why Choose a Manual Approach?
You might wonder why I prefer a manual approach to invariant-based auditing over automated tests. The answer lies in the depth of understanding and insight gained through this hands-on process. Automated tests can efficiently cover a broad range of scenarios, but the manual process allows for a far deeper engagement with the codebase. This deep dive facilitates a more nuanced comprehension of the contract's intricacies and potential flaws, enabling me to uncover subtle issues that automated tests might overlook.
This is just one very specific step in my overall auditing process; its time allocation is around 5-10% of the overall engagement.
