Copyright Sign 2021-2024

Proof of Audit

Cryptographically verify the integrity of OtterSec security audit reports

Last updated 10 months ago


Conducting a smart contract audit is the preliminary step in bringing any DApp to the masses. However, to garner market trust, malicious project founders may falsely claim that a security audit took place. The traditional verification model treats OtterSec’s website as the single source of truth, where the original audit PDF can be referenced. Naturally, there may be concerns that this documentation could be forged, allowing malicious project founders to spread misinformation.

OtterSec creates detailed reports describing the vulnerabilities discovered in the smart contracts it has audited. With Sign Protocol, OtterSec will now create attestations to disclose that OtterSec has officially completed the audit of any given contract, the findings in the report, and which team member conducted the audit.

The Schema

{
	"name": string,
	"domain": string,
	"repo": string,
	"findings": {
		"critical": uint8,
		"high": uint8,
		"medium": uint8,
		"low": uint8
	},
	"auditor": string,
	"timestamp": uint64
}

You can also find it here.

Once a smart contract audit has been completed by OtterSec, the audit summary will be recorded as an attestation directly on SignScan, serving as the single source of truth.
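A verifier-side check for an audit claim against the schema above, as an added example that is not code from this page, OtterSec, or the Sign Protocol SDK. The attestation record's field names (`schemaId`, `attester`, `revoked`, `data`) are assumptions, and the schema id, attester address, and sample values are constructed placeholders.

```javascript
// Schema fields and types as given on the page.
const AUDIT_SCHEMA = {
  name: "string", domain: "string", repo: "string",
  findings: { critical: "uint8", high: "uint8", medium: "uint8", low: "uint8" },
  auditor: "string", timestamp: "uint64",
};
const UINT_MAX = { uint8: 2n ** 8n - 1n, uint64: 2n ** 64n - 1n };

// Recursively require exactly the schema's fields, each with the right type.
function shapeErrors(data, schema, path = "data") {
  if (data === null || typeof data !== "object") return [`${path}: not an object`];
  const errors = [];
  for (const key of Object.keys(data)) {
    if (!Object.hasOwn(schema, key)) errors.push(`${path}.${key}: unexpected field`);
  }
  for (const [key, type] of Object.entries(schema)) {
    const value = data[key], where = `${path}.${key}`;
    if (typeof type === "object") {
      errors.push(...shapeErrors(value, type, where));
    } else if (type === "string") {
      if (typeof value !== "string" || value === "") errors.push(`${where}: expected non-empty string`);
    } else {
      const isInt = typeof value === "bigint" || Number.isSafeInteger(value);
      if (!isInt || BigInt(value) < 0n || BigInt(value) > UINT_MAX[type]) errors.push(`${where}: expected ${type}`);
    }
  }
  return errors;
}

// Returns a list of reasons to reject the claim; an empty list means it checks out.
// Record fields (schemaId, attester, revoked, data) are assumed names.
function verifyAuditClaim(att, expected) {
  const errors = [];
  if (att.schemaId !== expected.schemaId) errors.push("schemaId mismatch");
  if (String(att.attester).toLowerCase() !== expected.attester.toLowerCase()) errors.push("unexpected attester");
  if (att.revoked) errors.push("attestation revoked");
  const shape = shapeErrors(att.data, AUDIT_SCHEMA);
  errors.push(...shape);
  // Only compare project fields once the payload is known to be well-formed.
  if (shape.length === 0 && att.data.domain !== expected.domain) errors.push("domain mismatch");
  if (shape.length === 0 && att.data.repo !== expected.repo) errors.push("repo mismatch");
  return errors;
}

// Constructed sample; the schema id and attester address are placeholders.
const expected = { schemaId: "SCHEMA_ID_PLACEHOLDER", attester: "0xAUDITOR_ADDRESS_PLACEHOLDER",
  domain: "example.org", repo: "https://example.org/project.git" };
const genuine = { schemaId: expected.schemaId, attester: expected.attester.toLowerCase(), revoked: false,
  data: { name: "Example Project", domain: "example.org", repo: "https://example.org/project.git",
    findings: { critical: 0, high: 1, medium: 2, low: 5 }, auditor: "Example Auditor", timestamp: 1700000000 } };
console.log(verifyAuditClaim(genuine, expected)); // → []
```

The expected attester address and schema id should come from a channel the verifier already trusts, not from the project presenting the claim.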