What is Smart Contract Audit?

A smart contract audit is a professional security review of smart contract code to identify vulnerabilities, logic errors, and potential exploits before deployment — the primary security assurance mechanism in DeFi.

WHY IT MATTERS

Audits are DeFi's substitute for regulation. Before a protocol handles real money, independent security firms review the code: checking for reentrancy, overflow, access control issues, economic attacks, and logic errors.

Major audit firms include Trail of Bits, OpenZeppelin, Certora (formal verification), Spearbit, and Code4rena (competitive audits). Each has different methodologies and specializations.

Important caveat: an audit is not a guarantee. Audits are point-in-time reviews that may miss novel attack vectors. Audited protocols have been exploited. Audits reduce risk — they don't eliminate it.

FREQUENTLY ASKED QUESTIONS

How much does an audit cost?
$50K-$500K+ depending on code complexity, audit firm reputation, and timeline. Competitive audits (Code4rena) can be more cost-effective but with variable quality.
Should I use an audited protocol?
Audited > unaudited, but don't treat audits as guarantees. Check: who audited, when, what version of the code, and whether issues were fixed. Multiple independent audits are better than one.
What do auditors check?
Common vulnerabilities (reentrancy, overflow), access control, economic attack vectors, oracle manipulation, upgrade mechanism safety, and gas optimization. Good audits also review business logic and economic model.
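To make the first two items on that list concrete, the following is an added example written for this page, not code from any audited protocol or audit firm. It is a constructed ETH vault in two versions: the first has the withdraw pattern an auditor would flag as reentrancy (external call before the balance is cleared) and an unguarded privileged function; the second shows the corrected checks-effects-interactions order, a reentrancy guard, and an owner-only gate. Contract and function names are invented for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example for illustration only; not from any real protocol.
// Finding 1 (reentrancy): withdraw() sends ETH before zeroing the balance,
// so a receiving contract's fallback can call withdraw() again and be paid
// repeatedly from the same recorded balance.
// Finding 2 (access control): pause() can be called by anyone.
contract VulnerableVault {
    mapping(address => uint256) public balances;
    bool public paused;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        require(!paused, "paused");
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // INTERACTION happens before the EFFECT below.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }

    // No restriction on who may pause the vault.
    function pause(bool state) external {
        paused = state;
    }
}

// Hardened form. State is updated before any external call, nested calls
// are blocked by a mutex, and the privileged function is owner-gated.
// Solidity >= 0.8 reverts on arithmetic overflow/underflow by default,
// which covers the "overflow" item without a SafeMath library.
contract HardenedVault {
    mapping(address => uint256) public balances;
    address public immutable owner;
    bool public paused;
    bool private locked;

    event Withdrawn(address indexed account, uint256 amount);

    constructor() {
        owner = msg.sender;
    }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        require(!paused, "paused");                        // CHECK
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                          // EFFECT
        emit Withdrawn(msg.sender, amount);
        (bool ok, ) = msg.sender.call{value: amount}("");  // INTERACTION
        require(ok, "transfer failed");
    }

    // Privileged action restricted to the deployer.
    function pause(bool state) external onlyOwner {
        paused = state;
    }
}
```

An audit report would typically record the first contract's withdraw ordering as a high-severity reentrancy finding and the open pause() as an access-control finding, then verify in the fixed version that the balance write precedes the call and that the modifier is applied to every privileged entry point, not just the one that was reported.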
