# Smart Contract Audit / Pen-test

Please submit the following information to **<adrien@auditone.io>**

### Pre-audit phase

In this phase, we agree on the audit's scope, price, and timeframe. Please provide us with the following information to streamline the process.

* [ ] Project name and short description
* [ ] Link to the project's website
* [ ] Codebase (link to your GitHub or similar) and **audit scope**
* [ ] Last commit hash
* [ ] Contact information (Discord, Telegram) of your project team members participating in the audit process (CTO, Tech Lead, Devs, etc.) - we will create a communication channel with everyone.
* [ ] Your preferred start date for the audit

  Ideally, complete the **Rekt Test** (<https://blog.trailofbits.com/2023/08/14/can-you-pass-the-rekt-test/>):
  1. *Do you have all actors, roles, and privileges documented?*
  2. *Do you keep documentation of all the external services, contracts, and oracles you rely on?*
  3. *Do you have a written and tested incident response plan?*
  4. *Do you document the best ways to attack your system?*
  5. *Do you perform identity verification and background checks on all employees?*
  6. *Do you have a team member with security defined in their role?*
  7. *Do you require hardware security keys for production systems?*
  8. *Does your key management system require multiple humans and physical steps?*
  9. *Do you define key invariants for your system and test them on every commit?*
  10. *Do you use the best automated tools to discover security issues in your code?*
  11. *Do you undergo external audits and maintain a vulnerability disclosure or bug bounty program?*
  12. *Have you considered and mitigated avenues for abusing users of your system?*

### Audit phase

After signing the contract with us, we can kick off the audit.

* [ ] Code walkthrough - video to be uploaded here: <https://forms.gle/cMStFDLRAZCtx8Za9> (This helps auditors understand expected outcomes from the developer's side.)
* [ ] GitHub usernames of your team members so they can view the audit process
* [ ] Your logo(s)
* [ ] Your social media links (if you want us to publish information about the audit on our social media channels)

### Post-audit phase

This phase is dedicated to keeping your project secure in the long run, and your feedback helps us improve.

* [ ] 4-minute feedback form: <https://docs.google.com/forms/d/e/1FAIpQLSf_ZpNTuz9C2cFuWtqKH2dRhfVjUjFHF-QF20sx9jUQckmPdw/viewform?usp=sf_link>
* [ ] Call about future security options such as coverage pools, bug bounty, and on-chain monitoring.

### Audit Process

We have described the audit process in detail in our Docs here:

{% embed url="<https://docs.auditone.io/stakeholders/for-projects>" %}
