Audit Workflow

Last updated: January 14, 2026

Structure your security audit process with BlockSecOps.
Audit Phases

Phase 1: Intake

Goal: Receive and prepare for engagement

Steps:

  1. Create project for engagement
  2. Receive contract code from client
  3. Gather documentation/specs
  4. Define scope

BlockSecOps Tasks:

  • Create project
  • Upload contracts
  • Tag with metadata

Phase 2: Reconnaissance

Goal: Understand the codebase

Steps:

  1. Review documentation
  2. Understand architecture
  3. Identify key components
  4. Map dependencies

BlockSecOps Tasks:

  • Run initial Quick scan
  • Review file structure
  • Note language/framework

Phase 3: Automated Analysis

Goal: Comprehensive automated scanning

Steps:

  1. Run Deep scan
  2. Wait for completion
  3. Export initial results

BlockSecOps Tasks:

blocksecops scan ./contracts --preset deep

Scanners Run:

  • Static analysis (Slither, Aderyn, etc.)
  • Symbolic execution (Mythril)
  • Fuzz testing (Echidna)
  • AI-powered (SolidityDefend)

Phase 4: Triage

Goal: Categorize and prioritize findings

Steps:

  1. Review all findings
  2. Verify true positives
  3. Mark false positives
  4. Prioritize by severity
  5. Assign to team members

BlockSecOps Tasks:

  • Filter by severity
  • Update finding status
  • Add initial notes
  • Assign owners

Triage SLA:

Severity   Triage Within
Critical   4 hours
High       1 day
Medium     2 days
Low        1 week

Phase 5: Investigation

Goal: Deep analysis of confirmed findings

Steps:

  1. Understand attack vector
  2. Assess exploitability
  3. Determine impact
  4. Develop PoC if needed
  5. Document thoroughly

For Each Finding:

  • Verify scanner accuracy
  • Trace code path
  • Consider edge cases
  • Check related code

Documentation:

## Finding: Reentrancy in withdraw()

### Location
Token.sol:45-52

### Description
The withdraw function makes an external call before updating state.

### Impact
Attacker can drain all funds from contract.

### Proof of Concept
1. Deploy attacker contract
2. Call withdraw with callback
3. Re-enter during callback

### Recommendation
Use ReentrancyGuard or CEI pattern.

Phase 6: Manual Review

Goal: Find issues automated tools miss

Focus Areas:

  • Business logic flaws
  • Economic attacks
  • Protocol-specific issues
  • Access control logic
  • State machine correctness

Time Allocation:

  • 30% automated analysis
  • 70% manual review

Phase 7: Report Writing

Goal: Create client deliverables

Report Sections:

  1. Executive Summary
  2. Scope and Methodology
  3. Findings Summary
  4. Detailed Findings
  5. Recommendations
  6. Appendix

BlockSecOps Tasks:

  • Export findings
  • Generate PDF report
  • Add custom sections

Phase 8: Delivery and Fix Verification

Goal: Deliver report and verify fixes

Steps:

  1. Deliver initial report
  2. Client implements fixes
  3. Re-scan to verify
  4. Update finding status
  5. Deliver final report

Re-verification Scan:

blocksecops scan ./fixed-contracts --preset standard

Timeline Template

Phase               Duration   % of Total
Intake              0.5 day    5%
Reconnaissance      1 day      10%
Automated Analysis  0.5 day    5%
Triage              1 day      10%
Investigation       3 days     30%
Manual Review       3 days     30%
Report Writing      1 day      10%

Total: ~10 days for a medium engagement
Project Organization

Project Setup

Project: Acme Token Audit v1
├── Contracts
│   ├── Token.sol (uploaded)
│   └── Vault.sol (uploaded)
├── Scans
│   ├── Initial Deep Scan (complete)
│   └── Re-verification (pending)
├── Findings
│   ├── Critical (2)
│   ├── High (5)
│   └── Medium (12)
└── Reports
    └── Draft Report v1

Tags

Use tags for organization:

  • audit, review, retest
  • q1-2025, q2-2025
  • client-a, client-b
  • defi, nft, token

Quality Checklist

Before Delivery

  • All Critical/High findings verified
  • False positives marked and justified
  • All findings have remediation guidance
  • Report reviewed by second auditor
  • Executive summary complete
  • Client-specific context included

Finding Quality

Each finding should have:

  • Clear title
  • Accurate severity
  • Precise location
  • Detailed description
  • Impact assessment
  • Remediation recommendation

Collaboration

Assignment

Distribute workload:

  • Assign findings by component
  • Assign by severity
  • Balance across team

Handoff

For team handoffs:

  • Update all finding notes
  • Mark investigation status
  • Add context for next person

Review

Before finalizing:

  • Peer review all Critical/High
  • Second opinion on severities
  • Consistency check

Next Steps