Hello. I am not a programmer or smart contract auditor. This is important to say. But I want to be sure that I am transferring money to a reliable protocol: DeFi projects, startups that use smart contracts in their work, all those projects that accept cryptocurrency tokens at their smart contract address. My task is to figure out how to check the code for errors or backdoors without special training. This article is dedicated to precisely that. Our goal is to reduce the likelihood of losses and avoid scams. Let's get started.
The point is that when we interact with a project, we are forced to trust it. We have to, especially if the company provides a quality service. Personally, it becomes easier for me if a third-party organization has audited the project's smart contract: an independent, unrelated auditor reviews the code line by line, using specialized software and their extensive experience. It is perfect if it is a well-known auditor. In that case, I feel happy.
Not everything is so good. It is enough to recall the example of Balancer and similar large hacked projects. Their audits were excellent, but that did not help them. The larger the project, the more attractive it is to scammers. I'm scared for Lido: there is $36 billion in Ethereum staking there. It could become a bifurcation point for all cryptocurrencies if fraudsters pick up the key to the smart contract.
Remember that I am talking about companies that already have an audit! What should we do with projects that do not have one? It is essential to understand that the less known the project, the greater the potential profitability, but the risks increase significantly. Remember this. Still, we chose this path. Being first is very difficult and dangerous; there is a high probability of losing money, but if you succeed, you collect the entire harvest. Please think about it.
How do we analyze a smart contract without special knowledge and at minimal cost? I have prepared a small manual that can reduce the likelihood of falling for scammers. Let's get started.
The simplest option: go to the site de.fi, choose "Scanner", and enter the name of the project that interests you. Try different variants of the name; it is not always possible to find a project on the first try.

The main disadvantage of this solution is that you will not find an overview of new projects; they are not yet in the database. But for well-known projects it is an excellent solution. Start your research with de.fi. Go ahead.
But what if the project you want to check appeared recently, and the owners have not had time to audit the smart contract? First of all, find the project's official GitHub. It is important not to make a mistake here: be sure that this GitHub repository really belongs to them. Then go to the website remix.ethereum and choose the option to load files from GitHub. Let's do it and go further.

Important point! In this program we work with smart contracts written in the Solidity programming language. In GitHub, select a file with the extension *.sol. We need to compile this smart contract in order to examine the file.
Click on the compiler icon. The first step is to open the smart contract file and find out which compiler version it requires (it is stated in the `pragma solidity` line at the top of the file). Select that version in the drop-down list. Forward!

After this, select the Solidity analyzer and run the plugin. Remember that you are not running an analysis of the entire project but only of one file. To test the whole project, you must repeat this operation with all of the project's files!

The report looks like this.

To get a more in-depth analysis, we can use the paid MythX plugin. Three checks cost about $10. This is not obligatory, but it is worth considering given the large amounts of money we will transfer to this unknown DEX.
First, visit the website mythX.io and pay for the checks. For the first time, I chose a package of three analyses for $10; this is enough to understand how it works. After payment, you will receive an API key that you will need to enter in remix.ethereum.

Next, go to the plugins, type the name of the paid plugin, MythX, and activate it. You may need to recompile the file or refresh the page before you can run the check.

Select the depth of analysis and press the button. You will have to wait for the result of an in-depth analysis; I waited 40 minutes.

I did two tests, fast and deep. Both reports are available as PDF files.

I got different results in each test, but they all agree that this particular smart contract has problems and is vulnerable to attack. That is why I will run several different analyses on the projects in which I make a deposit. For example, no significant errors were found in the well-known Lido protocol; it seems to be well protected.
With this article I tried to find a solution for the average person: someone who does not have the necessary education in smart contract auditing but wants to reduce the likelihood of losing their own money.
If you know other simple ways to audit smart contracts, please do not hesitate to share this information!
Thank you for your attention. See you!