by jjordan
1063 days ago
Audits are performed as due diligence before actually launching the product or service that will utilize it. The audit is a collaborative process between the auditing team (or contest participants, in this case), and the developer of the smart contract. Contestants are rewarded financially for finding exploitable issues, with unique criticals (i.e. exploits that lose customer funds or otherwise fundamentally break the intended behavior of the contract) paying the most. AFAIK no public Codearena or Sherlock audit has had a critical vulnerability exploited after a contest was completed. It would be hard to compare the smart contract auditing ecosystem with audits of internal processes at those entities you mentioned, because the problem being solved is fundamentally different. Google, Amazon, et al. are protecting access to information stored in data centers, whereas smart contracts are at most a few thousand lines of code that need to work as intended, without clever hackers finding a way to exploit them.
Looking at the leaderboard [1] it looks like the payout is a few thousand dollars for a “steal all the money” defect. These companies literally want to manage millions of dollars, yet it regularly costs only a few thousand dollars in developer time to steal all the money. And these are the good companies doing audits.
What a joke. It is worse than XP, but at least Microsoft knew they were a laughing stock.
[1] https://code4rena.com/leaderboard