OtterSec | Proof of Audit

OtterSec is a smart contract auditing platform that has secured >$5B in on-chain TVL and worked with over 150 projects across blockchain ecosystems. OtterSec is a trust auditing platform consisting of a network of exceptional white-hat hackers.

Sign Protocol is a multi-chain attestation protocol. Sign Protocol implements attestations as digitally signed structured data that adhere to a registered schema under a schema registry. These attestations are then stored in a secure domain, either on-chain or off-chain. Attestations essentially reinforce the foundational trust systems we rely on to perform tasks in the world around us, and even on the web. Examples of these tasks encompass a range of activities such as the distribution of bounty rewards, the approval of loans, and the assignment of roles, among others.

Understanding the problem

Conducting a smart contract audit is the preliminary step in bringing any DApp to the masses. However to garner market trust, malicious project founders may make fake claims of a security audit. The traditional model of verification is using OtterSec’s website as the single source of truth, where the original audit PDF can be referenced. Naturally, there may be concerns of forgery of said documentation that could lead to malicious project founders sharing misinformation.

Audit transparency through Sign Protocol

OtterSec creates detailed reports mentioning the vulnerabilities discovere for smart contracts that have been audited. With Sign Protocol, OtterSec will now attestations to represent that OtterSec has officially completed the audit of any given company, the findings based in the report, and who from the team conducted the audit.

The schema is as follows:

**Project Name** *string*
**Project Domain** *string
**GitRepository*** *string*
**Findings** *Integer
	**Critical** Integer
	**High** Integer
	**Medium** Integer
	**Low** Integer
**Auditor** string*
**Timestamp** *string*

Once a smart contract audit has been completed by OtterSec, the audit summary will be recorded as an attestation directly on Signscan - serving as the single source of truth.

Last updated