How to Check a Crypto Project’s Audit Report
There are so many scams in cryptocurrency that you are always advised to check both the whitepaper and the audit report of any currency you are considering investing in. But how do you find audit reports?
Cryptocurrency platforms that utilize auditing companies are usually very open about their audits and feature the reports directly on their website. Of course, these reports aren’t always the easiest to read. Keep scrolling to learn where to find audit reports as well as some tips on how to read them.
What is an Audit Report?
An audit report is the summary of the findings occurring during an audit of a blockchain or cryptocurrency project. Due to the number of scams in the cryptocurrency space, many viable companies see regular audits as a necessity, and many promote their audits as a marketing strategy.
An audit is a check to ensure the blockchain platform or smart contract has robust security capable of keeping out intruders, and that everything promised by the blockchain is capable of being delivered via the code (basically, the blockchain does what the company says it does, and there is nothing scammy going on). It also checks that the company is adhering to any government regulations required.
For an audit report to be valid, it must be conducted by a third party with no financial interest in the project.
Where Do You Find Audit Reports?
As we mentioned in the introduction, most websites are very open about their audits, and the results should be featured prominently on their website or tucked in their FAQ section. However, sometimes companies that receive a less-than-stellar report hide the results, or try to, while still stating that the blockchain has been audited. In these cases, you may need to request the documents directly, and the company may try to say no.
Lucky for you, many audits are publicly available via a Google search, and if they aren’t, this may be a red flag that something is going on, such as the company lying about being audited.
5 Tips for Reading Crypto Audit Reports
Now that you’ve found the audit report you were searching for, you might find it harder to read than you originally assumed. Below is a breakdown you can use to help you read and understand a crypto audit report.
1. Name, Auditor, and Review Section
These sections will appear at the top of the audit report. The name will specify the name of the audit as well as the blockchain or project being audited. It’s important to check this so you can ensure you’re reading the right report.
The Auditor and the Review section should list the name of the company or individual performing the audit, as well as who reviewed it. The review section may indicate a name or a pseudonym, depending on the company.
2. Type and Language
There are many types of audits. Some companies only pay for an audit of their smart contracts, rather than the company as a whole. This may mean that while their smart contracts meet standards, the way they pay their executives, etc., may not. For best results, you want to look for a full company audit as opposed to one that just lists ERC-20 or BEP-20 or whatever other blockchain code is listed.
Language is the coding language the blockchain is coded in. This can generally be ignored for our purposes.
3. Dates
Always check the dates of the audit—when it started and when it ended. Audits are generally only valid for one to two years, depending on the type of audit and platform. If it’s been three or more years, the audit may be invalid, and you should look for one performed more recently.
4. Executive Summary
Of course there is far more to an audit report than just the names and dates, however a lot of the technical jargon will be too difficult for the average individual to read. Therefore, we recommend skipping to the executive summary, which will have the information you need.
Within the executive summary, there should be a short explanation of findings. There should also be a table listing the vulnerabilities found, the severity of said vulnerabilities.
Key for Severity Definitions:
· Critical = very bad, this blockchain is not safe
· High = bad, the blockchain is likely unsafe
· Medium = not the greatest, but not bad either, blockchain might be safe
· Low = not a major issue, blockchain is likely safe
· Informational = this is a cosmetic issue not affecting the safety of the blockchain but still should be corrected
· Undetermined = this might be bad, we aren’t sure
In our opinion, you should not move forward with any blockchain project exhibiting critical or high risks. You should also be very cautious of investing in any blockchain with medium risks.
5. Check the Final Findings
Toward the end of the crypto audit report, there should be a “findings” or “final findings” section. While you should already have an idea of the overall health of the project based on the executive summary, this final section will give you the auditor’s opinion of the website.
For example, this section may say something like, “We recommend the website undergo several code reviews before launching to customers,” or “This website is ready for launch; however, we urge the creators to ensure they are adhering to the GDPR regulations prior to launch.” Either of these will give you a better idea of what the website needs, or doesn’t need, prior to launch. If you haven’t made your decision yet, these sentences should make it clear which option you should choose.
Overall, remember that just because a blockchain had an audit, it does not mean it’s secure. It’s important that when a project boasts being audited, you take the time to read the actual report. You never know when an audit may come back with a result of “unsafe,” and the company is doing what it can to cover that up.
