Smart contract audit
A structured review of a deployed contract's code for vulnerabilities, by a third-party firm.
A smart contract audit is a code review conducted by a specialist firm to identify vulnerabilities before or after a contract is deployed on-chain. Audits typically take 2-8 weeks and produce a public report listing findings by severity (critical, high, medium, low, informational), along with the team's response and any remediations.
Not all audits are equal. A 3-day automated scan from a low-tier firm is not comparable to a 6-week manual review from a top-tier firm with formal verification. Audit scope also matters: an audit of one contract doesn't cover others in the protocol, and an audit of v1 doesn't cover v2.
Under the Onyx methodology, an audit dated more than 12 months before the currently deployed code counts as zero. A logo on a website does not equal a real engagement.
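The three checks above (is the contract in the audit's scope, does the audited revision match what is deployed, is the report recent relative to the deployed code) and the severity tally a report produces can be written down as a small rule set. The following Python is an added example, not code from this page or from the Onyx methodology; the data model, the comparison of a commit identifier against the deployed revision, the reading of "12 months" as 365 days, and the firms, dates, commit strings and findings are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List

# Severity ladder as used in a typical audit report.
SEVERITIES = ("critical", "high", "medium", "low", "informational")

# Assumption: "12 months" is modelled as 365 days.
MAX_AGE_DAYS = 365


@dataclass
class Finding:
    severity: str
    title: str
    status: str  # "fixed", "acknowledged" or "open"


@dataclass
class AuditReport:
    firm: str
    report_date: date
    audited_commit: str  # code revision the auditors actually reviewed
    scope: List[str]     # contract names covered by the engagement
    findings: List[Finding] = field(default_factory=list)


@dataclass
class DeployedContract:
    name: str
    commit: str          # revision of the code that is on-chain now
    deployed_on: date


def severity_counts(report: AuditReport, unresolved_only: bool = False) -> Dict[str, int]:
    """Tally findings by severity; optionally count only those not marked fixed."""
    counts = {s: 0 for s in SEVERITIES}
    for f in report.findings:
        if f.severity not in counts:
            raise ValueError(f"unknown severity {f.severity!r}")
        if unresolved_only and f.status == "fixed":
            continue
        counts[f.severity] += 1
    return counts


def audit_credit(contract: DeployedContract, report: AuditReport) -> dict:
    """Decide whether a report counts for a deployed contract, with reasons if not."""
    reasons = []
    # An audit of one contract says nothing about the others in the protocol.
    if contract.name not in report.scope:
        reasons.append("out of scope")
    # An audit of v1 does not cover v2: the reviewed revision must be the deployed one.
    if report.audited_commit != contract.commit:
        reasons.append("different revision")
    # A report dated more than 12 months before the deployed code counts as zero.
    age_days = (contract.deployed_on - report.report_date).days
    if age_days > MAX_AGE_DAYS:
        reasons.append("stale")
    return {
        "firm": report.firm,
        "counts": not reasons,
        "reasons": reasons,
        "unresolved": severity_counts(report, unresolved_only=True),
    }


def counting_reports(contract: DeployedContract, reports: List[AuditReport]) -> List[str]:
    """Names of the firms whose reports actually provide coverage for this deployment."""
    return [r.firm for r in reports if audit_credit(contract, r)["counts"]]


# Constructed sample data (hypothetical protocol, firms, commits and dates).
VAULT = DeployedContract("Vault", commit="c0ffee42", deployed_on=date(2024, 9, 1))
REPORTS = [
    # Recent, same revision, Vault in scope: this one counts.
    AuditReport("FirmA", date(2024, 8, 15), "c0ffee42", ["Vault", "Router"], [
        Finding("high", "reentrancy in withdraw", "fixed"),
        Finding("medium", "missing event on pause", "acknowledged"),
        Finding("informational", "unused import", "open"),
    ]),
    # Old v1 audit: wrong revision and more than a year before the deployment.
    AuditReport("FirmB", date(2023, 3, 1), "deadbeef", ["Vault"], [
        Finding("critical", "oracle manipulation", "fixed"),
    ]),
    # Right revision and recent, but the engagement only covered Router.
    AuditReport("FirmC", date(2024, 8, 20), "c0ffee42", ["Router"], []),
]

if __name__ == "__main__":
    for r in REPORTS:
        print(audit_credit(VAULT, r))
    print("coverage from:", counting_reports(VAULT, REPORTS))
```

Run as a script it prints one verdict per report and the list of firms whose reports count; in the constructed data only FirmA does, while FirmB fails on both revision and age and FirmC fails on scope. The unresolved tally is reported even for a counting audit, since a "fixed" finding is the team's claim and a reviewer still wants to see what was acknowledged or left open.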