My Personal Blog: Internal Audits

tags: blogs

Internal Audits

At least in the context of smart contracts, internal audits are when a company explicitly hires you or your firm to audit their product. Since Code4rena and Immunefi are open to the public, they do not count as internal audits.

I had the chance to participate in one such internal audit from an invitation by the firm PwnedNoMore, for the Revest Smart Contract. While the procedure is more or less the same, it feels extraordinary to be one of the only people in the world authorized to take on such a challenge.

However, for internal audits, it is essential to note that your reputation is on the line. With auditing contests such as Code4rena and Immunefi, anonymity amongst auditors provides a certain sense of security. In contrast, internal audits are not anonymous. A poor internal audit may be subject to mockery or defamation: people may never use your service or product again.

I think that was part of the reason that I took a brief one-week break from both college applications and conference materials to work on this audit.

It was for a good reason, too. I found a bug that I described in an (authorized) post on Twitter. This bug would have prevented the entire contract from working correctly. I was paid a sum of $1,500 for my efforts.

Fortunately for the contract, I couldn’t find any more issues, but I had the opportunity to polish my POC-making skills.
