Smart contracts deserve trusted audits

Connect with top security auditors and protect your smart contracts.

• Overview
• Why Sol Audit?
• Features Implemented
• Platform Workflow
• Technology Stack
• Getting Started
• Future Roadmap
• Contributing
• License
• Testing the Bounty Flow on Localnet

Sol Audit is a decentralized platform built on Solana that connects smart contract developers with top security auditors. Our platform streamlines the entire audit process, from bounty creation to vulnerability disclosure and reward distribution.

Mission: Make smart contract security accessible and reliable for all blockchain developers.

• High Costs: Traditional audit firms charge premium prices, making security inaccessible for smaller projects
• Limited Availability: Top auditors have long waitlists, delaying project launches
• Centralized Control: Existing bounty platforms lack transparency and on-chain settlement
• Misaligned Incentives: Fixed-fee audits don't reward based on actual vulnerabilities found
• Poor User Experience: Current solutions have complex workflows and poor developer experience

Sol Audit addresses these challenges by:

1. Pay-Per-Finding Model: Only pay for actual vulnerabilities discovered
2. On-Chain Settlement: All rewards are processed transparently on Solana
3. Open Marketplace: Any qualified auditor can participate, reducing wait times
4. Enhanced Security: Leveraging the collective expertise of diverse security researchers
5. Seamless UX: Intuitive platform designed for both developers and auditors

• Authentication System

  • Firebase-based authentication with email and password
  • Wallet connection and verification with Solana wallet adapters

• Bounty Management

  • Create bounties with detailed project information
  • Set custom severity weights and reward allocation
  • Browse and filter active bounties
  • Automatic ownership tracking tied to Firebase user ID

• Submission Flow

  • Submit vulnerabilities with severity assessment
  • Proof of concept and fix recommendation support
  • Submission review process for bounty owners

• Reward System

  • Automatic escrow creation for bounty funds
  • On-chain payment distribution for approved submissions
  • Integration with Solana's SPL tokens and native SOL

• User Experience

  • Responsive and intuitive interface
  • Real-time status updates for bounties and submissions
  • Markdown support for detailed technical documentation

1. Create Bounty

   • Connect Solana wallet
   • Define bounty parameters and reward pool
   • Fund the bounty escrow account
   • Set submission criteria and deadline

2. Review Submissions

   • Receive notifications for new submissions
   • Review vulnerability reports with PoC
   • Approve/reject findings with feedback
   • Rewards automatically distributed upon approval

1. Browse Bounties

   • Filter by tags, reward size, and deadline
   • View detailed project specs and requirements

2. Submit Findings

   • Document vulnerabilities with severity assessment
   • Provide proof of concept
   • Include fix recommendations
   • Submit for review and receive confirmation

3. Receive Rewards

   • Automatic payment for approved submissions
   • Reputation building on successful findings

• Frontend:

  • Next.js 13 with App Router
  • TypeScript
  • TailwindCSS
  • Solana Wallet Adapter

• Backend:

  • Firebase (Authentication, Firestore)
  • Node.js Express API
  • Solana Web3.js

• Blockchain:

  • Solana Program (Rust)
  • SPL Token integration
  • Custom escrow program

• Node.js v16 or higher
• npm or yarn
• Firebase account
• Solana devnet account and wallet

1. Clone the repository:

   git clone https://github.com/DishankChauhan/sol-audit
   cd sol-audit
   

2. Install dependencies:

   cd sol-audit-backend
   npm install
   cd ../sol-audit-frontend
   npm install
   

3. Configure Firebase:

   • Create a Firebase project
   • Set up Firestore database
   • Download serviceAccountKey.json and place it in the backend root directory
   • Configure frontend Firebase credentials in sol-audit-frontend/src/lib/firebase/config.ts

4. Run the applications:

   # Terminal 1 - Backend
   cd sol-audit-backend
   npm run dev
   
   # Terminal 2 - Frontend
   cd sol-audit-frontend
   npm run dev
   

We're committed to continually improving the Sol Audit platform. Here's what's coming next:

• Dispute Resolution DAO - Implement a decentralized arbitration system for contested submissions
• Enhanced Analytics - Provide insights for both auditors and project owners
• Reputation System - Build a trustless reputation system for auditors based on successful findings

• Team Collaboration - Support for audit teams working together on larger projects
• Specialized Audit Types - Custom templates for different types of audits (NFT, DeFi, etc.)
• Integration with Developer Tools - IDE plugins and CI/CD integrations

• Decentralized Governance - Community-driven platform governance
• Cross-chain Support - Extend beyond Solana to other blockchain ecosystems
• Audit Certification Program - Standardized certification for auditors on the platform

We welcome contributions to improve the platform! Please see the CONTRIBUTING.md file for guidelines.

This project is licensed under the MIT License - see the LICENSE file for details.

The project includes tools to test the complete bounty workflow on localnet. This is particularly useful for testing the escrow payment flow without connecting to devnet or mainnet.

1. Make sure the Solana localnet validator is running:

   solana-test-validator

2. Deploy the program to localnet if you haven't already:

   cd audit_bounty
   solana program deploy target/deploy/audit_bounty.so

3. Update the program ID in /src/lib/env.ts to match your deployed program if needed.

1. Start the frontend development server:

   cd audit-bounty-frontend
   npm run dev

2. Navigate to http://localhost:3000/debug/localnet-test-flow

3. Follow the steps in the UI to:

   • Fund test wallets
   • Create a bounty
   • Submit audit work
   • Approve the submission
   • Claim the bounty

If you encounter payment flow issues, check the following:

1. Network Mismatch: The most common issue is mixing different networks. The Phantom wallet typically connects to devnet/mainnet which will cause transaction failures when your contract is on localnet. Use the localnet test flow for consistent network usage.

2. Bounty Status: The bounty must be in "Approved" status before it can be claimed. The creator must approve a submission first.

3. Wallet Authorization: The wallet claiming the bounty must be the same one that was approved by the creator.

4. Transaction Logs: Check the browser console logs for detailed transaction errors and status updates.

The project includes a local wallet implementation for testing without external wallets:

• Test keypairs are pre-generated in src/lib/solana/localWallet.ts
• The createLocalWallet function creates a mock wallet context that can sign transactions
• Use fundTestWallet to add SOL to test wallets via localnet airdrops

Example:

import { createLocalWallet, fundTestWallet } from '@/lib/solana/localWallet';

// Create a local wallet with creator role
const creatorWallet = createLocalWallet('creator');

// Fund it with 5 SOL
await fundTestWallet('creator', 5);

// Use it to interact with the contract
const result = await SolanaService.initializeBounty(creatorWallet, {...});