A new study from the Chinese University of Hong Kong (CUHK) Business School found that the smart contract audit market is thriving, led by new technical audit firms.
Decentralised finance or DeFi has emerged as a transformative force in the financial world, leveraging blockchain technology to create an open and decentralised financial ecosystem.
According to CUHK Business School, at the core of this revolution are smart contracts, which are self-executing contracts with the terms of the agreement written directly into code.
However, these contracts are not immune to vulnerabilities, as is evident from the recent alarming loss of US$2 million by the blockchain-based lending protocol 0VIX, attributable to a smart contract exploit.
The study, titled "Decentralised Finance (DeFi) Assurance: Early Evidence," conducted by Professor Janja Brendel of CUHK Business School, in collaboration with Professor Thomas Bourveau from Columbia University and Professor Jordan Schoenfeld from the University of Utah, examines the emergence of new audit firms and the evolving landscape of smart contract assurance.
The research provides valuable insights into the factors driving the growth of this market and the role of audits in mitigating risks for investors.
Key findings:
- Audit report releases typically result in a 10% market-adjusted return within two days, indicating that audits may enhance investor confidence.
- Over US$200 billion is now locked in smart contracts, highlighting their importance in structuring and executing common DeFi financial transactions.
- Smart contract audits focus on the integrity and completeness of computer code rather than financial statements.
- Many projects seek multiple audits, especially after code changes.
"Smart contract audit reports are used by DeFi service providers primarily to build trust with existing and prospective users of and investors in their services," says Brendel.
With the proliferation of DeFi, assurance services within these new fields are becoming crucial to all fields of business. CUHK Business School says auditing is essential for adding credibility to information that is disclosed, which in turn helps increase trust with users and investors and ultimately helps to raise the number of transactions.
Such assurance is important, perhaps due to DeFi's decentralised nature, which means smart contract audits are not mandated by legislation.
In addition, blockchain projects have a chequered history, so it is inevitable that investors need reassurance that the security protocols are up to scratch and that the underlying code works. That reassurance allows investors to assess the overall trustworthiness of blockchain projects while mitigating the risks that cause loss of income and irreversible damage.
Smart contracts that are audited are often audited again when there is a significant update to the contract, rather than periodically every fiscal year as financial audits are. There is no formal education or certification required to be an auditor, and the audits do not need to follow a universal standard or guideline. As a result, the audit process and output can differ significantly depending on the auditors’ approach and methodologies, in ways that those of financial auditors typically cannot.
In general, smart contract auditors apply automated bug detection software to scan smart contracts for potential vulnerabilities, then augment these procedures with line-by-line manual code review to ensure a thorough assessment.