README
NEAR Audit Database
Public Audits in the NEAR Ecosystem. Here is google sheets version for easier edit https://docs.google.com/spreadsheets/d/1YrQNaWV6JB6vM5iDuv9MmwHD5RbnmFlICA0UCdgWoco/edit#gid=0
π Key
β audit public, doesnβt mean no vulnerabilities, and doesn't mean audit has been checked or its been by firm listed below, just that it exists. This also doesnβt mean that an audit was done for all smart contract and dApp functionality.
π¦ audit may exist somewhere but private. Or publicly mentioned an audit but the audit isnt public.
π = looking for an audit make a PR
π‘ = getting an audit
π‘ = as of last talking to team no audit
πͺ² Bug Bounty Programs
Known NEAR Auditing Firms
Firms that are known for auditing NEAR dApps & Contracts
To add into table
NEAR Smart Contracts Tools | Kudelski | May 5th, 2023 | https://github.com/NEARFoundation/near-sdk-contract-tools/blob/develop/documents/NEAR%20Contract%20Tools%20-%20Final%20-%2005.05.2023.pdf
MetaPool LaunchPad (Katherine Fundraising & Bond Market) | Halborn | May 12th, 2023 | https://github.com/HalbornSecurity/PublicReports/blob/master/NEAR%20Smart%20Contract%20Audits/MetaPool_Katherine_Fundraising_and_Bond_Market_NEAR_Smart_Contract_Security_Audit_Report_Halborn_Final%20.pdf
NEAR Genesis Smart Contract | SmartState | May 18th, 2023 | https://smartstate.tech/reports/near-genesis-report-18052023.html
NEAR-IBC | BlockSec | September 18th, 2023 | https://github.com/octopus-network/near-ibc/blob/main/auditing/blocksec_near-ibc_v1.0_signed.pdf
Aurora FT Connector | Zokyo | June 8th, 2023 | https://www.datocms-assets.com/50156/1689941745-zokyo-near-ft-connector-audit.pdf
NEAR Snap | Ottersec | September 12th, 2023 | https://github.com/NEARBuilders/audits/blob/main/Audits/2023-09-12-Ottersec-NEAR_SNAP.pdf
Potlock Quadratic Funding | Ottersec | Feburary 15th | https://github.com/PotLock/core/blob/main/audits/Potlock-NEAR-Smart-Contracts-Quadratic-Funding-Audit-Ottersec-February-15-2024.pdf
Potlock Contracts | Guvenkaya | January 19th | https://github.com/Guvenkaya/public-reports/blob/master/Potlock-NEAR-Rust-Smart-Contract-Security-Assessment.pdf
Sweat Economy Defer Feature | Guvenkaya | January 30 | https://github.com/Guvenkaya/public-reports/blob/master/The-Sweat-Foundation-Ltd-Defer-NEAR-Rust-Smart-Contract-Security-Assessment.pdf
Firms That Audits Have Failed to Detect Critical Vulnerabilities
dont slip up and get added to this list
Exploits
Slip Ups
To-do
Finish finding all audits
Backup all the audits on Arweave + IPFS and archive all instances of audit on wayback machine
Work with ecosystem aggregator like NEAR Horizon to reference audits
Compile all the exploits
Let projects and NEAR Founders know to make a PR
Contact all projects without audits and let them know they canβt be lacking in these streets like that
Publish this on BOS
Contribution Guidelines
To learn how to contribute to the public repo go to Contribution Guidelines
Last updated