Well-prepared teams receive faster, deeper audits. Preparation is not a substitute for professional review—it helps auditors focus on novel logic instead of missing documentation.
Define scope clearly
- List every contract address, proxy, and upgrade path in scope.
- Document integrations: oracles, bridges, keepers, and external calls.
- State explicit out-of-scope items to avoid misunderstandings.
- Freeze feature changes during audit windows when possible.
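The scope items above can be checked mechanically before handoff. The following is an added example, not part of the original page: a Python check over a hypothetical manifest format (the field names `frozen_commit`, `out_of_scope`, `proxy`, `implementation`, `upgrade_admin`, `integrations` and `target` are assumptions) that reports a proxy listed without its implementation or upgrade admin, an integration with no target, missing exclusions, and an unpinned commit.

```python
import re

ADDR = re.compile(r"0x[0-9a-fA-F]{40}")
KINDS = {"oracle", "bridge", "keeper", "external_call"}

def scope_gaps(manifest):
    """Return human-readable gaps in a (hypothetical) audit scope manifest."""
    gaps = []
    if not re.fullmatch(r"[0-9a-f]{40}", manifest.get("frozen_commit", "")):
        gaps.append("frozen_commit: pin the audit to a full commit hash")
    if not manifest.get("out_of_scope"):
        gaps.append("out_of_scope: list explicit exclusions")
    contracts = manifest.get("contracts", [])
    in_scope = {c["address"].lower() for c in contracts
                if ADDR.fullmatch(c.get("address", ""))}
    for c in contracts:
        name = c.get("name", "<unnamed>")
        if not ADDR.fullmatch(c.get("address", "")):
            gaps.append(f"{name}: address missing or malformed")
        if c.get("proxy"):
            # A proxy in scope is only reviewable with its logic and upgrade path.
            if c.get("implementation", "").lower() not in in_scope:
                gaps.append(f"{name}: implementation not listed in scope")
            if not c.get("upgrade_admin"):
                gaps.append(f"{name}: upgrade admin not documented")
        for dep in c.get("integrations", []):
            if dep.get("kind") not in KINDS or not dep.get("target"):
                gaps.append(f"{name}: integration needs a kind and a target")
    return gaps

# Constructed sample: placeholder addresses and commit, not real deployments.
VAULT_PROXY, VAULT_IMPL = "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE = {
    "frozen_commit": "ab" * 20,
    "out_of_scope": ["frontend", "off-chain keeper bot"],
    "contracts": [
        {"name": "VaultProxy", "address": VAULT_PROXY, "proxy": True,
         "implementation": VAULT_IMPL, "upgrade_admin": "timelock + multisig",
         "integrations": [{"kind": "oracle", "target": "price feed"}]},
        {"name": "VaultImpl", "address": VAULT_IMPL},
        {"name": "Router", "address": "0x1234", "proxy": True,
         "integrations": [{"kind": "bridge"}]},
    ],
}

if __name__ == "__main__":
    for gap in scope_gaps(SAMPLE):
        print("GAP:", gap)
```

Running it on the constructed sample reports only the `Router` entry, which is the kind of incomplete scope line that otherwise costs auditor time in clarification.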
Prepare technical artifacts
- Architecture diagrams and data-flow descriptions
- Threat model covering assets, actors, and trust boundaries
- Unit, integration, and invariant test suites with coverage notes
- Deployment scripts, constructor arguments, and configuration values
- Changelog between audit iterations if re-reviewing fixes
Organize access and communication
Assign a technical point of contact, provide reproducible build instructions, and schedule time for auditor questions. Use audit handoff templates from the home page to track evidence indexes and remediation items.
After the audit
Prioritize findings by user impact, fix critical issues before launch, request re-review where agreed, and publish remediation status transparently. An audit report without verified fixes still leaves users exposed.