Proof of Audit


Project Context

The smart contract audit industry suffers from a trust problem: how do you prove that a contract has actually been audited? PDF reports can be forged, website badges easily copied, and no standard exists to verify these claims independently.

Proof of Audit transforms traditional audits into verifiable cryptographic proofs, permanently stored on the blockchain via the Verax protocol.

The Problem Solved

Current Situation

  • Protocols display "Audited by X" with no onchain proof

  • PDF reports can be modified or misrepresented

  • No standard way to verify an audit occurred

  • Fake audit firms proliferate

  • Information asymmetry hurts investors

The Solution

An onchain attestation that permanently links:

  1. The Auditor — Identified by their Ethereum address

  2. The Code — GitHub repository URL

  3. The Version — Audited commit hash

  4. The Contract — Deployed smart contract address

Features

Attestation Creation

The interface allows auditors to create an attestation in a few clicks:

  1. Connect wallet (auditor identity)

  2. Enter GitHub repository URL

  3. Enter audited commit hash (40 hex characters)

  4. Enter deployed contract address

  5. Sign and publish onchain

Public Verification

Anyone can verify an attestation via:

  • The Verax Explorer

  • GraphQL queries on the Verax subgraph

  • Direct onchain registry reads

Technical Architecture

Verax Schema

// Attestation structure
(string commitHash, string repoUrl)

  • commitHash — SHA-1 of the audited Git commit

  • repoUrl — GitHub repository URL

The attestation subject is the audited contract address.

Portal

A public Verax Portal allows any auditor to create attestations. Because the portal is public, an attestation carries only as much weight as its issuer: the trust model relies on the auditor’s reputation, tied to their Ethereum address.

Frontend Stack

  • React with TypeScript

  • Vite for building

  • wagmi and viem for blockchain interaction

  • Reown AppKit for wallet connection

  • Verax SDK for attestation interactions

Data Schema

Each attestation contains:

{
  "issuer": "0x...",           // Auditor's address
  "subject": "0x...",          // Audited contract
  "schema": "0x59ffe1d...",    // Proof of Audit schema
  "data": {
    "commitHash": "37f8ecd...",
    "repoUrl": "https://github.com/owner/repo"
  },
  "expirationDate": 1735689600, // Expiration (30 days default)
  "attestationId": "0x..."     // Unique identifier
}
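
A verifier-side check of one attestation record, as an added example (not code from the Proof of Audit project). Field names follow the structure above; the VerifierPolicy type, the trusted-auditor list and all sample values are assumptions constructed for illustration.

```typescript
// Added example: validates a fetched attestation against what the verifier expects.
interface AuditAttestation {
  issuer: string;
  subject: string;
  schema: string;
  data: { commitHash: string; repoUrl: string };
  expirationDate: number; // Unix seconds
  attestationId: string;
}
interface VerifierPolicy {          // hypothetical type, not part of the Verax SDK
  trustedAuditors: string[];        // auditor addresses the verifier already trusts
  schemaId: string;                 // full schema id, obtained out of band
  contract: string;                 // contract the user is about to interact with
  nowSeconds: number;
}

const ADDRESS = /^0x[0-9a-fA-F]{40}$/;
const COMMIT = /^[0-9a-fA-F]{40}$/; // full SHA-1, not an abbreviated hash
const REPO = /^https:\/\/github\.com\/[\w.-]+\/[\w.-]+$/;
const same = (a: string, b: string): boolean => a.toLowerCase() === b.toLowerCase();

// Returns the reasons to reject; an empty list means the record passes.
function checkAttestation(a: AuditAttestation, p: VerifierPolicy): string[] {
  const problems: string[] = [];
  if (!ADDRESS.test(a.issuer) || !p.trustedAuditors.some((t) => same(t, a.issuer)))
    problems.push("issuer is not a trusted auditor");
  if (!ADDRESS.test(a.subject) || !same(a.subject, p.contract))
    problems.push("subject is not the contract being checked");
  if (!same(a.schema, p.schemaId)) problems.push("unexpected schema");
  if (!COMMIT.test(a.data.commitHash)) problems.push("commit hash is not 40 hex characters");
  if (!REPO.test(a.data.repoUrl)) problems.push("repoUrl is not a GitHub repository URL");
  if (a.expirationDate <= p.nowSeconds) problems.push("attestation expired");
  return problems;
}

// Constructed sample values (placeholders, not real addresses or ids).
const AUDITOR = "0x" + "a1".repeat(20);
const CONTRACT = "0x" + "c0".repeat(20);
const SCHEMA = "0x" + "5c".repeat(32);
const sample: AuditAttestation = {
  issuer: AUDITOR, subject: CONTRACT, schema: SCHEMA,
  data: { commitHash: "ab12".repeat(10), repoUrl: "https://github.com/owner/repo" },
  expirationDate: 1735689600, attestationId: "0x" + "01".repeat(32),
};
const policy: VerifierPolicy = {
  trustedAuditors: [AUDITOR], schemaId: SCHEMA, contract: CONTRACT, nowSeconds: 1735000000,
};
console.log(checkAttestation(sample, policy)); // empty list: record accepted
```

These checks confirm the record is well-formed and comes from an issuer the verifier trusts; they do not show that the deployed bytecode was built from the attested commit.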

Use Cases

For Auditors

  • Building a verifiable onchain reputation

  • Undeniable proof of work

  • Publicly viewable audit portfolio

For Protocols

  • Transparent demonstration of security commitment

  • Verifiable proof for investors

  • Possible integration into DeFi dashboards

For Users

  • Independent verification before investing

  • Distinction between legitimate and fraudulent audits

  • Simplified due diligence

Possible Integrations

DeFi Dashboards

Aggregators like DeFiLlama can display verified audit status.

Insurance Protocols

Insurance protocols can adjust premiums based on attestations.

Wallets

Display an "Audited" badge when interacting with an attested contract.

Resources

Note
Proof of Audit is open source and part of the official Verax examples. It demonstrates how traditionally opaque processes can be made transparent and verifiable through onchain attestations.