Audit Wizard 101
May 11th, 2024

Who Is The Audit Wizard?

Smart contract security is changing every day. There are more auditors now than ever before, and AI is allowing everyone to work smarter and faster. As someone who's spent their free time for the better part of the last year deeply embedded in smart contract audits, I've grown to appreciate tools that not only enhance efficiency but also deepen the thoroughness of audits. One such tool that I have consistently come back to is Audit Wizard. Having evolved significantly since its original beta release several months ago, Audit Wizard offers a robust suite of features that caters to novice and experienced auditors and security-focused developers alike, allowing anyone to become an Audit Wizard.

What is Audit Wizard?

Audit Wizard is the quintessential toolbelt for auditors, all in one place. It's a comprehensive platform that integrates a full spectrum of auditing tools into a single, auditor-friendly interface. Initially, I used Audit Wizard primarily for contests with tight deadlines due to its simplicity and ease of setup: simply import a GitHub repo and you're off to auditing. However, as the platform has evolved—becoming richer in features and more user-friendly—I find myself increasingly able to conduct entire security reviews directly within it. This shift not only speaks to its growing capabilities but also to its potential to streamline the auditing and code review process significantly.

Key Features of Audit Wizard

  • AI Assistance: One of the standout features of Audit Wizard is its AI assistant, which is available for every page of code. This AI excels at providing a high-level understanding of the protocol under review and offers targeted suggestions on potential bug locations. Its interactive nature allows you to probe deeper into issues by challenging assumptions and responding to questions, effectively acting as a second brain during the audit process. From my experience, engaging with the AI by rephrasing inquiries or asking for confirmation with queries like "Are you sure?" often yields more precise and insightful responses, enhancing its utility as an auditing partner.

  • Integrated Tools: Audit Wizard incorporates several key tools that are indispensable for thorough audits:

    • Slither: The integration of Slither directly into the platform lets auditors run its static-analysis detectors over the imported codebase without installing separate software, and it looks like there will be more to come on this front.

    • Graph Tool: This feature enables auditors to visualize control flows and inheritance structures through function-scope or contract-scope graphs, providing a clearer understanding of the contract's architecture.

    • Whiteboard: For those who like to sketch out ideas or map out complex interactions, the built-in whiteboard is a perfect tool for diagramming directly within the app.

    • Inspect: The inspect tool shows the storage slots of a deployed contract and the data each slot holds, which is very useful when working with upgradeable contracts, where the implementation address and the proxy's own state live in different slots.

    • Foundry Tests: Audit Wizard supports the integration of GitHub repositories and the execution of Foundry-based test suites, allowing you to run existing tests or write custom PoCs directly within the platform.

    • Notes: While I prefer taking notes in line with the code—an option not currently available on Audit Wizard—the platform still facilitates effective note-taking by enabling tags on specific lines of code. These notes can be organized with custom labels or color codes, making them easy to search and review.

    • Reports: Building on the note-taking feature, Audit Wizard allows you to elevate a note to a finding with ease. Each finding in Audit Wizard is comprehensive, encompassing a title, the specific code location (highlighting the affected code), severity, a detailed description, and recommendations for remediation. Once you have a report, you can use the AI to help generate a PoC.
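As an added example tying the Inspect and Foundry Tests features together (this is not Audit Wizard's code or the author's; it is a Foundry test written for this post), the snippet below does by hand what the inspect tool shows in the UI: it reads raw storage slots of a proxy with `vm.load` and checks that the EIP-1967 implementation slot and the proxy's slot 0 hold what an auditor would expect. The contracts `CounterV1`, `MinimalProxy` and `ProxyStorageTest` are hypothetical names invented for the example, and it assumes a Foundry project with forge-std installed. The EIP-1967 implementation slot constant is recomputed inside the test rather than trusted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Hypothetical implementation contract, written for this example only.
contract CounterV1 {
    uint256 public count; // slot 0 of whichever contract delegatecalls into us

    function increment() external {
        count += 1;
    }
}

// Minimal EIP-1967 proxy written for this example (not production code).
// The implementation address lives at keccak256("eip1967.proxy.implementation") - 1,
// far from slot 0, so it cannot collide with the implementation's own state.
contract MinimalProxy {
    bytes32 internal constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    constructor(address impl) {
        bytes32 slot = IMPL_SLOT;
        assembly {
            sstore(slot, impl)
        }
    }

    fallback() external payable {
        bytes32 slot = IMPL_SLOT;
        assembly {
            let impl := sload(slot)
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}

contract ProxyStorageTest is Test {
    bytes32 constant IMPL_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    // Recompute the EIP-1967 slot instead of trusting the hard-coded constant.
    function test_ImplementationSlotMatchesEip1967() public {
        bytes32 computed =
            bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1);
        assertEq(computed, IMPL_SLOT);
    }

    // Read raw storage the way an inspect tool would, then confirm that state
    // written through the proxy lands in the proxy's slot 0, not the implementation's.
    function test_ProxyStorageLayout() public {
        CounterV1 impl = new CounterV1();
        MinimalProxy proxy = new MinimalProxy(address(impl));

        // The implementation slot of the proxy must point at the deployed logic.
        bytes32 raw = vm.load(address(proxy), IMPL_SLOT);
        assertEq(address(uint160(uint256(raw))), address(impl));

        // Call through the proxy; delegatecall writes to the proxy's storage.
        CounterV1(address(proxy)).increment();

        assertEq(CounterV1(address(proxy)).count(), 1);
        assertEq(uint256(vm.load(address(proxy), bytes32(0))), 1);

        // The implementation contract's own storage is untouched.
        assertEq(impl.count(), 0);
        assertEq(uint256(vm.load(address(impl), bytes32(0))), 0);
    }
}
```

Run it with `forge test -vv`. Against a live proxy the same raw read is `cast storage <proxy-address> <slot>`, which is the check to reach for when a protocol's upgrade path is in scope: if the recomputed slot and the value the tool shows disagree with what the proxy code claims, that mismatch is where the review should start.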

Conclusion

In summary, Audit Wizard is a powerful tool that consolidates essential auditing resources into a single, intuitive platform. It is particularly effective for simple audit contests, bug bounty programs, and ongoing smart contract development. With support for private GitHub repositories, Audit Wizard is ideal for both teams and solo developers aiming to implement security-first practices through internal reviews.

I'd like to see some improvements, such as the ability to take notes in line with the code and faster Foundry testing. Although my views on in-line notes are evolving, especially after my recent experiences with Audit Wizard, speeding up Foundry testing remains critical, as it's still faster to develop these tests locally.

For those of you exploring smart contract security tools, I encourage you to leverage Audit Wizard in your next project and share your experiences. Your feedback is crucial as it helps shape the tool and contributes to making Web3 a little more secure than it was yesterday.

Verification
This entry has been permanently stored onchain and signed by its creator.