the audit

In order to receive the certification a project needs to pass four stages :

• The KYC process
• The Code Audit
• The Contract Audit
• Pentesting

At the end of each individual stage a completion badge will be handed over to the customer. The badge can be freely shared on social media. More details of the audit process are explained below :

audit phases

Phase 1: the audit request

1. The client submits an audit request containing a link to their github code.The Defipass Security engineer reviews the request and determines the price

2. DefiPass responds to the request with a service agreement proposal, the conditions of the audit and form for the KYC duplicates. The request contains an invitation for an intake interview with the core team of the relevant applicant.

• During the intake interview we do another ‘live’ KYC process for checking KYC.
• If this process is successfully completed, the customer will receive the badge : “KYC Passed by DeFiPass”.

Phase 2: Control code, contracts, website, etc

1. The application code is checked by the engineering staff

• Alignment Meeting with the security staff to share findings and results.
• Alignment Meeting with management staff for final decision.

2. Defipass sends the result document with summary to the customer, so that any adjustments can be made. The score is also stated in the report.

• If the code has passed the tests, the client receives the badge: “CodePassed by DefiPass”. The client also receives an optional recommendation list in case the final score was below 100%.
• If the code is insufficient, the customer will be sent a report with comments and mandatory adjustments. The customer may request a re-evaluation once, free of charge.

        Notes :

• Per each following re-evaluation an additional handling fee will be charged.
• If, after the re-evaluation, the code is finally approved, the customer will still receive the badge: Codepassed by DefiPass.

3. The contract code is checked, this will be done through both an AI algorithm and our security staff. In case the tests are successful, the customer will receive the badge : “RugPassed by DeFiPass”. In case the outcome is negative the same rules as for the CodePassed apply, e.g. the customer has the right for one free re-evaluation, further re-evaluations require an extra fee. After the final approvement the customer receives the concluding RugPassed label.  

4. The Dev team checks the infrastructure ability to resist a ddos attack. When this last process is successfully completed, the customer receves the badge: “Penpassed by DeFiPass”

After completion of the four stages, the four badges gets replaced by the badge : “DeFiPass Certified”