Approaching an audit, we first focus on gathering all available information about your DAO, exactly as a hacker would do. This includes looking at company documents, social media chat rooms, open source repositories, and deployed smart contracts, for example.
Next, we catalog how your DAO works by evaluating your instruments and processes. We pay attention to your exposure to social engineering threats, such as leaked email passwords. Thereafter, we look at your infrastructure (e.g. servers, DNS names, IP addresses, available services).
Then, we analyze the information and create diagrams of your deployed resources. We check our findings against known vulnerabilities and recorded attacks. We examine dApps and smart contracts against the best coding practices. We verify your business logic.
Finally, we compile a report and present our findings and recommendations, along with an assessment of the corresponding risk levels. We advise how you can resolve each problem. Additionally, we offer you an opportunity to retest your DAO to ensure that you are fully secured.