Article author:
DeFi Security Alliance

Audit Builder

In this sense, a report has to reflect best all the issues uncovered during the audit. DeFi Security Alliance has come up with a tool that helps simplify the compilation of this final audit report.
Why do you need an Audit Builder?
The goal of the Audit Builder is to make the auditing process as seamless as possible. Often, during work, auditors have to deal with large amounts of information. Slightest organizational issues can lead to incorrect results. To avoid that, Audit Builder offers an easy-to-navigate and simple system that arranges issues by contract.
That’s not the only advantage of the tool, as it allows forming a PDF file without unnecessary effort with Word or any other app. With the full version, it’s even possible to come up with a unique report design.

Audit Builder has been developed by auditors who have experience working with large complicated audit reports. This experience allowed them to combine the handiest practices and come up with a tool that makes the process easy and accessible.
What does Audit Builder do?
Audit builder is a tool that is available through a web browser. It contains empty fields that are to be filled by an auditor.
Fields are fully customizable, so you can choose which ones best suit your report. They are arranged by contract, and for every issue, you can select the severity and its status.
For instance, the Floating Pragma issue has low severity i.e. is unlikely to break the contract and remains unfixed. You just select the issue and its status and save the changes.
Comments can be added to every issue. Those usually include updates as well as notes from the project owners.
Everything from the audited contract and its details to additional code lines can be added to the report. There’s a user-friendly report library with advanced search, where you can see the report’s status and other parameters.
DeFi Security Alliance also provides a selection of the most popular issues, ready to be included and used. They can be used as offered or adjusted according to the demands of the user. This feature can be beneficial to both established auditors and new projects, trying to make their name. Additionally, users can add their own template issues according to their needs.
After all information has been filled in, Audit Builder will compile a PDF audit report that can be easily imported to GitHub or the project’s website.
A useful addition for auditors is Fork Checker. It’s normally used on two occasions. The first one is evaluating the code: if you’re dealing with a fork, you can see what changes has the project made to the original code. During an audit, you can review and compare all dependencies.
Usually, these tasks have to be done manually and it’s time-consuming. With this feature, the Builder automatically checks whether there’s been a backdoor added to the code.
Fork Checker takes the code provided in a sol file or via the address, and compares it to its database that includes OpenZeppelin and others. The feature shows the differences between the codes.

All data stays available to one audit company only. No other user will be able to access your data. The Audit Builder traffic goes through Cloudflare with WAF (Web Application Firewall) enabled.
The application runs in Kubernetes, wherein the Ingress controller ModSecurity is enabled. Containers run under non-root user, and network policies are applied everywhere.

The Audit Builder project includes a cluster with multiple databases for the clients, each running on a virtual machine, without external access. Databases can be accessed only from the Audit Builder application.

Each database is backed up and stored separately. All credentials are stored in the Vault. Access rights are allocated according to role models.

How to get access to Audit Builder?
Audit Builder is available through DSA. By buying a subscription, you get access to all the features that it has to offer. Audit Builder works fast and without lags. It allows multiple users from the same company to add their input, and the final result is easily accessible for review.
Wrapping Up

Never put your DeFi security down!
Besides the golden rules above, you should remember that there is hardly a comprehensive list to cover all potential vulnerabilities. The more blockchain and DeFi grow, the more sophisticated attempts hackers create to exploit the systems and steal your money.