What is a smart contract audit?
A smart contract audit is a thorough review of a DeFi protocol's code by an independent security firm. Auditors look for vulnerabilities that could allow funds to be stolen, locked, or manipulated — including reentrancy attacks, integer overflows, access control flaws, and logic errors.
Why audits matter
Smart contracts are immutable once deployed (unless upgrade rights are retained). A bug in unaudited code can result in permanent, irreversible loss of funds. Audits catch these bugs before deployment.
What auditors check
- Reentrancy — can an attacker call a function repeatedly before the first call completes?
- Access control — are admin functions properly restricted?
- Integer overflow/underflow — can arithmetic produce unexpected results?
- Logic errors — does the code do what it's supposed to do?
- Oracle manipulation — can price feeds be manipulated to drain funds?
Audit quality varies
Not all audits are equal. Look for:
- Reputable firms (CertiK, Hacken, SolidityScan, Trail of Bits)
- Full public report (not just a badge)
- Resolved findings (not just identified)
- Recent audit (code changes after an audit void its conclusions)
Audit score vs audit report
Some protocols display an "audit score" (e.g. 99/100) without publishing the full report. Always look for the full public report with specific findings and resolutions.