README

NEAR Audit Database

Public audits in the NEAR ecosystem. A Google Sheets version is available for easier editing: https://docs.google.com/spreadsheets/d/1YrQNaWV6JB6vM5iDuv9MmwHD5RbnmFlICA0UCdgWoco/edit#gid=0

🔑 Key

  • ✅ = audit is public. This doesn’t mean there are no vulnerabilities, and it doesn’t mean the audit has been checked or that it was done by a firm listed below, just that it exists. It also doesn’t mean that an audit was done for all smart contract and dApp functionality.

  • 📦 = audit may exist somewhere but is private, or an audit was publicly mentioned but the audit isn’t public.

  • 👀 = looking for an audit; make a PR

  • 🟡 = getting an audit

  • 😡 = no audit as of last talking to the team

🪲 Bug Bounty Programs

Known NEAR Auditing Firms

Firms that are known for auditing NEAR dApps and contracts

To be added to the table

  • NEAR Smart Contracts Tools | Kudelski | May 5th, 2023 | https://github.com/NEARFoundation/near-sdk-contract-tools/blob/develop/documents/NEAR%20Contract%20Tools%20-%20Final%20-%2005.05.2023.pdf

  • MetaPool LaunchPad (Katherine Fundraising & Bond Market) | Halborn | May 12th, 2023 | https://github.com/HalbornSecurity/PublicReports/blob/master/NEAR%20Smart%20Contract%20Audits/MetaPool_Katherine_Fundraising_and_Bond_Market_NEAR_Smart_Contract_Security_Audit_Report_Halborn_Final%20.pdf

  • NEAR Genesis Smart Contract | SmartState | May 18th, 2023 | https://smartstate.tech/reports/near-genesis-report-18052023.html

  • NEAR-IBC | BlockSec | September 18th, 2023 | https://github.com/octopus-network/near-ibc/blob/main/auditing/blocksec_near-ibc_v1.0_signed.pdf

  • Aurora FT Connector | Zokyo | June 8th, 2023 | https://www.datocms-assets.com/50156/1689941745-zokyo-near-ft-connector-audit.pdf

  • NEAR Snap | Ottersec | September 12th, 2023 | https://github.com/NEARBuilders/audits/blob/main/Audits/2023-09-12-Ottersec-NEAR_SNAP.pdf

  • Potlock Quadratic Funding | Ottersec | February 15th | https://github.com/PotLock/core/blob/main/audits/Potlock-NEAR-Smart-Contracts-Quadratic-Funding-Audit-Ottersec-February-15-2024.pdf

  • Potlock Contracts | Guvenkaya | January 19th | https://github.com/Guvenkaya/public-reports/blob/master/Potlock-NEAR-Rust-Smart-Contract-Security-Assessment.pdf

  • Sweat Economy Defer Feature | Guvenkaya | January 30 | https://github.com/Guvenkaya/public-reports/blob/master/The-Sweat-Foundation-Ltd-Defer-NEAR-Rust-Smart-Contract-Security-Assessment.pdf

Firms Whose Audits Have Failed to Detect Critical Vulnerabilities

Don't slip up and get added to this list.

Exploits

Slip Ups

To-do

  • Finish finding all audits

  • Back up all the audits on Arweave + IPFS and archive all instances of each audit on the Wayback Machine

  • Work with an ecosystem aggregator like NEAR Horizon to reference audits

  • Compile all the exploits

  • Let projects and NEAR Founders know to make a PR

  • Contact all projects without audits and let them know they can’t be lacking in these streets like that

  • Publish this on BOS

Contribution Guidelines

To learn how to contribute to the public repo, go to Contribution Guidelines.
