A key component of an Evertas platform risks evaluation includes audits of the insured’s smart contract code, as a means of identifying the potential for exploits or other points of failure leading to loss events. We work with highly specialized outside experts to conduct these audits and require that certain standards be met. Candidate firms will be reviewed and approved by Evertas leadership and additional advisors and experts as needed.
In order to be considered, potential auditors must:
- Possess a documented history of at least one year in operation with 50 or more successfully completed smart contract audits covering at least $100 million USD of value on active, liquid protocols.
- Carry errors and omissions (also called business liability) insurance coverage of at least $2-million USD, in addition to indemnification up to that amount, in order to cover losses incurred by Evertas as a consequence of auditor error.
- Provide clear internal documentation describing the audit process.
- Conduct independent internal quality assurance reviews, at least annually.
- Employ automated audit tools whenever possible.
- Require that at least two auditors work in tandem on each project.
- Begin each audit with a clearly defined declaration of scope and goals, outlining precise issues and bits of code to be examined.
- End each audit with a clear statement of deficiencies found and—where applicable—remediated.
Exceptions to these criteria may be allowed at our discretion, and these will be documented by Evertas leadership and at least one outside expert.