Author

Topic: Help on Code Audit for New Projects (Read 156 times)

legendary
Activity: 2702
Merit: 4002
December 08, 2020, 12:58:58 PM
#7
Is there a way and ordinary person can verify these codes? Maybe a simpler and non complicated way?
Unfortunately, everyone who could not read the code and check every line in it and understand its dimensions must trust in other people, so even if the code is open source, if you do not find enough people who read it, do not use it.

Hackers always have an advantage as they look for weaknesses in the system that others cannot discover, and it is more difficult for the developing team because they fight in the dark.
member
Activity: 898
Merit: 19
Do it For Better Humanity (Bitget trader)
December 08, 2020, 08:29:37 AM
#6
Thanks to everyone for all your explanations.. I really appreciate.
legendary
Activity: 3024
Merit: 2148
December 08, 2020, 08:08:33 AM
#5
This is why we don't need so many altcoins, a coin needs many requirements to properly function - trading volume, hashpower, node count, community and so on. If a coin has tiny community, its code just can't be properly reviewed, because there's not enough experts in the community, which means the coin is not secure and safe - there can serious be bugs or backdoors. Other things also negatively impact a coin, like having low volume makes it prone to manipulation, low hashpower leads to 51% attacks, low node count leads to centralization.
sr. member
Activity: 1554
Merit: 413
December 08, 2020, 02:42:27 AM
#4
...There are lot of new projects our there in which the code is not actually programmed to do what the project is meant for. But no one knows not even the investors and some of the team members.
There are probably just a handful of projects that honestly made a mistake. Many flaws or bugs in the codes are either meant to be there so they can exit scam. The most common example is the team minting unlimited tokens and dumping on retail traders or investors.

Quote
Is there a way and ordinary person can verify these codes? Maybe a simpler and non complicated way?
What jackg said.

These audits are designed that only the auditors can check closed source codes and that you have to trust their findings and reputation. Ordinary people have to rely on the auditors seal of approval.
hero member
Activity: 2492
Merit: 542
December 08, 2020, 01:54:48 AM
#3
@OP, Auditing means checking each line of code for possible bugs and recommended actions maybe suggested inorder for a smart contract can function only what they are intended to do according what the projects usecase as an auditor you need to have a solid background in coding, I dont know any software for now that can automatically detects bugs in codes and offer recommendations, its something that manually done by skilled professional coders. so I dont think a normal investors can audit it in a very simple way its really complicated job.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
December 07, 2020, 05:36:36 PM
#2
Unless you're wanting to learn how to program i dont think it's possible. There are too many possibilities for what code can do that I don't think a heuristic would present much usable information to the user...

There may be a way to look at how they commit to their git repo as to whether it looks natural or not but this might be difficult to do too.. . 
member
Activity: 898
Merit: 19
Do it For Better Humanity (Bitget trader)
December 07, 2020, 05:22:08 PM
#1
I've been thinking about this for a while now. There are lot of new projects our there in which the code is not actually programmed to do what the project is meant for. But no one knows not even the investors and some of the team members.
To audit this code is not something anyone can do. And the worst thing is we only see smart contract audit done and verified probably on the project social media. Then we believe them due to what they post.
My question
Is there a way and ordinary person can verify these codes? Maybe a simpler and non complicated way?
Thank you.
Jump to: