However, like traditional financial products, DeFi is not immune to security threats such as theft due to programming errors and incomplete contracts. A notable incident occurred in April 2023 when blockchain-based lending protocol 0VIX lost around $2 million after hackers exploited technical vulnerabilities to manipulate token prices. To address such risks, smart contract audits have become increasingly prevalent.
Unlike traditional financial audits that focus on financial statements, smart contract audits scrutinize the integrity and completeness of computer code. A recent study by Janja Brendel, Assistant Professor at the Chinese University of Hong Kong (CUHK) Business School, reveals the thriving nature of the smart contract audit market.
Key Findings from the Study
The study, titled “Decentralized Finance (DeFi) Assurance: Early Evidence,” conducted in collaboration with Professor Thomas Bourveau from Columbia University and Professor Jordan Schoenfeld from the University of Utah, provides valuable insights into the smart contract audit market. It highlights the role of auditors in ensuring the security and reliability of DeFi ecosystems.
“We present some of the first evidence showing the pervasiveness of these audits, with the audit firm market comprising new technical audit firms. The scope of these audits spans various contract features, and the audit inputs and outputs differ significantly from those of conventional financial audits,” explains Professor Brendel. “The market reacts positively to these audit reports, indicating their value relevance.”
Growth of Blockchain Assurance Services
For this groundbreaking study, Professor Brendel and her team collected a comprehensive sample of smart contract reports from January 2017 to June 2023 using the smart contract scanner De.Fi. The data reveals that new blockchain assurance services have become a significant market force in recent years. The “full sample” consists of 8,531 unique audit reports, while the “market sample” includes 303 audit-venture events focusing on individual DeFi projects.
The audit market for smart contracts features many new entrants. TechRate, established in 2017, holds approximately 20% of the market share, followed by InterFi (founded in 2021) with over 11%, and Certik (established in 2018) with 6%.
Audit fees vary based on the length and complexity of the code. More experienced audit firms tend to charge higher fees. TechRate and InterFi are considered low-cost options, charging around $250 and $300, respectively, for a standard audit. In contrast, firms like Quantstamp, OpenZeppelin, and Trail of Bits charge upwards of $5,000, with Hacken starting at $9,000.
These prices are justified for several reasons. The largest audit firms have audited thousands of projects, including well-known names in the crypto world. Top-quality audit firms provide detailed reports, including team size, methods used, and the duration of the audit. They often deploy teams of five or fewer, use a combination of manual and automatic processes, and conduct longer audits.
Ensuring Security and Trust
While these audits can identify vulnerabilities, programming errors, and deviations, they do not guarantee against data breaches, thefts, and hacks. Many smart contract audit firms include legal disclaimers in their reports and advise clients to seek third-party opinions. For example, Certik introduced a plan in 2023 to compensate clients for hack-related losses up to $2 million following an audit.
Users can assess an audit firm’s reputation by examining its portfolio and track record. If the firm has worked on large, high-profile projects that have not been compromised, it indicates reliability. Prospective clients should also check if the firm has experience with the relevant blockchain and examine previous reports for detail and comprehensiveness.
The Importance of Smart Contract Audits
“Smart contracts are increasingly crucial in structuring and executing common DeFi financial transactions, such as loans and venture capital funding, with over $200 billion now locked in such contracts,” says Professor Brendel. “Smart contract audit reports are used by DeFi service providers to build trust with users and investors.”
Because DeFi is decentralized, smart contract audits are not mandated by legislation. However, the audits are vital in assuring investors of the security protocols and underlying code, mitigating risks that could lead to income loss and irreversible damage.
Smart contracts are often re-audited following significant updates rather than annually like financial audits. There is no formal education or certification required to become an auditor, and no universal standards or guidelines exist for these audits, leading to significant variations in audit processes and outputs.
Typically, smart contract auditors use automated bug detection software to scan for potential vulnerabilities, followed by a manual line-by-line code review. Stress testing is also conducted to simulate different attack scenarios.
The release of a smart contract audit report often results in a positive market reaction, with a statistically significant market-adjusted return of about 10% within two days. This aligns with the notion that audits reduce information asymmetry and improve capital market functioning.
The Future of DeFi Assurance Services
As DeFi continues to grow, assurance services in this field are becoming crucial across all business sectors. Auditing adds credibility to disclosed information, increasing trust among users and investors, ultimately boosting transaction numbers.