Proof of Audit

Conducting a smart contract audit is the preliminary step in bringing any DApp to the masses. However, to garner market trust, malicious project founders may make fake claims of a security audit. The traditional model of verification is using OtterSec’s website as the single source of truth, where the original audit PDF can be referenced. Naturally, there may be concerns of forgery of said documentation that could lead to malicious project founders sharing misinformation.

OtterSec creates detailed reports mentioning the vulnerabilities discovered for smart contracts that have been audited. With Sign Protocol, OtterSec will now create attestations to disclose that OtterSec has officially completed the audit of any given contract, the findings based in the report, and which team member conducted the audit.

The Schema

{
	"name": string,
	"domain": string,
	"repo": string,
	"findings": {
		"critical": uint8,
		"high": uint8,
		"medium": uint8,
		"low": uint8,
	},
	"auditor": string,
	"timestamp": uint64
}

You can also find it here.

Once a smart contract audit has been completed by OtterSec, the audit summary will be recorded as an attestation directly on SignScan, serving as the single source of truth.