Smart Contract Audit: What's Checked, Process and Cost
Smart contract audit for Solidity, Rust, Tact: reentrancy, flash loans, centralization. Slither, Foundry fuzzing, external audit. Audit cost before mainnet.
A smart contract audit is mandatory before launching DeFi protocols, token sales, staking platforms or NFT mints with real funds. One Solidity bug can cost millions. An audit reduces risk, builds investor trust and is often required for CEX listing.
Why audit
User fund security, community trust, CEX requirements, VC due diligence, insurance eligibility.
What's checked
- Reentrancy — Checks-Effects-Interactions, ReentrancyGuard
- Access control — owner functions, timelock, multisig
- Integer issues — casting, assembly
- Flash loans — oracle manipulation, reward math
- Front-running / MEV
- Centralization — pause, upgrade, drain risks
- Logic errors — reward math, token decimals, fee-on-transfer
- Standards compliance — ERC-20/721/1155
- Chain-specific — Solana signer checks, TON messages
Audit process
- Pre-audit — tests, fuzzing, Slither, code freeze
- Automated — Slither, Mythril, Echidna
- Manual review — 1–4 weeks
- Report — Critical/High/Medium/Low findings
- Remediation — fix and re-review
- Final published report
- Bug bounty post-launch — Immunefi
Cost
| Scope | Boutique | Top firm |
|---|---|---|
| Token (< 200 LOC) | $3–8k | $10–20k |
| Staking (200–1k) | $8–20k | $20–50k |
| DeFi (1k–5k) | $20–50k | $50–150k |
| Protocol (5k+) | $50–100k | $100–500k+ |
Preparation
Documentation, 100% test coverage, fuzzing, clean NatSpec, testnet deploy, budget fix time.
Audit ≠ guarantee
Combine audit + bug bounty + timelock/multisig + TVL caps + monitoring (Forta, Tenderly).
NexForge develops smart contracts with pre-audit preparation — Foundry, fuzzing, Slither — and coordinates external audit before mainnet.