Trustblock
Search…
⌃K
🛠

Publish an audit

Once you're registered as an auditor on Trustblock, you are able to upload your audits. Your auditor profile is attached to a wallet address, you'll have to use it to use our system.
Publishing is done through a single/simple transaction
function publishAudit(
address[] _smartContracts,
uint256 _lowIssues,
uint256 _mediumIssues,
uint256 _highIssues,
uint256 _criticalIssues,
bytes _reportHash
)
Calling this method, roughly costs 200K GWEI, the price in fiduciary currency varies depending on the chain you're calling it from, but here are some approximates:
  • Eth: $10-30
  • Binance Smart Chain/Polygon/Avalanche: >$0.01
There are two methods to upload an audit:

Programmable method: using our API + sending a transaction

  1. 1.
    Upload your report to our IPFS server As shown in the method, our contract's publish method must be provided with a reportHash, this hash is used to access the report pdf file stored on our IPFS server. So before sending the request, your report must be uploaded, to do so you will have to use our uploadReportToIPFS API request.
GET
https://o6ms1bg1o7yv.usemoralis.com:2053/server/functions/uploadReportToIPFS
?ApplicationId=TADcmt7xE1UAOSMhg21thDCTTFmG5RA0715JMEby
&url=<Optional: Direct url to file>
&base64=<Optional: File in Base64 binary>
&address=<Required: the address associated to your auditor's profile>
&publishToken=<Required: the secret token given to you by our team to publish>
RESPONSE
{
hash: <Hash to use for the transaction>,
url: <Direct url to file on IPFS>
}
To upload your file, you can use base64 or url, but we recommend using url for a faster response.
2. Send the transaction Once you have your hash, you can now send your transaction, using web3 or ethers to our contract. The transaction emits an event called auditPublished containing the address of the newly generated address, which must be kept for the third and last step. Our contract is hosted on multiple evm chains, be sure you use the same one as the audited smart contracts' addresses.
Since we are still on testnets for now, you should use the following chains to publish: - Eth => Goerli - Polygon => Mumbai - Avalance => Fuji - Binance Smart Chain => Binance Smart Chain Testnet
Trustblock-Abi-Factory.json
3KB
Code
Here is the abi of our contract factory
Below is an example of sending the transaction + get the address of the new audit using Hardhat scripts + ethers.
const hre = require("hardhat");
const trustblockFactoryAbi = require("../Trustblock-Abi-Factory.json");
async function main() {
const { ethers } = hre;
const [admin] = await ethers.getSigners();
const factory = new ethers.Contract(
"0xefaf666113d976ffcd902d83c828a6cb1332d18c", // Here we will upload our audit on the mumbai contract
trustblockFactoryAbi
);
const tx = await factory.connect(admin).publishAudit(
[
// Pass all the addresses in the scope of your audit
"0xe0339c80ffde91f3e20494df88d4206d86024cdf",
"0xe0339c80ffde91f3e20494df88d4206d86024cdf",
"0xd6df932a45c0f255f85145f286ea0b292b21c90b",
],
3, // The description of the issue is stored in our centralized db
4, // only the count is stored on-chain to avoid expensive fees
5,
6,
Buffer.from("QmZ18Uj9y79d3qU7PyEq98fWnnittyAN4fqXAZ8Pth6qKu") // Use Buffer.from to pass the hash in bytes
);
const receipt = await tx.wait();
const [auditAddress] = ethers.utils.defaultAbiCoder.decode(
["address"],
receipt.logs[0].data
); // Get the address of the new audit inside logs from the receipt
// Use the audit address for the next step
}
main();
3. Add the audit relative information In the third and last step, you will have to send an API request, containing some extra information relative to the audit, its name, description, and the issues' descriptions. This request can only be called once by the auditor then our system will deny any future edits.
GET
https://o6ms1bg1o7yv.usemoralis.com:2053/server/functions/patchAudit
?ApplicationId=TADcmt7xE1UAOSMhg21thDCTTFmG5RA0715JMEby
&auditorAddress=<Required: the address associated to your auditor's profile>
&publishToken=<Required: the secret token given to you by our team to publish>
&address=<Required: Address of the audit>
&chainId=<Required: Chain where the audit has been minted, see list of chainIds below>
&name=<Required: the audit name>
&description=<Required: the audit description, accepts markdown>
&lowIssuesDetails=<Required: array of low issues' descriptions, accepts markdown>
&mediumIssuesDetails=<Required: array of medium issues' descriptions, accepts markdown>
&highIssuesDetails=<Required: array of high issues' descriptions, accepts markdown>
&criticalIssuesDetails=<Required: array of critical issues' descriptions, accepts markdown>
&tags=<Required: array of project's tags ids
Token: rLmhiS3qDy4fw2cfD6jAoiEv
Social: pH90mndVVeds2uXaYIXt2ljD
Collectibles: eBvQJjcfH8r8THoPLnVInQl2
Governance: UX0PzwVORjNM40d8FSnA80Bl
Defi: POwCgAdlP9ujUh4Ts8ZH0XQA
Gaming: OkUaEHtc2uEOv6ylFWdBX5qn
Other: 06y1AS8bKQZFm4GwauPMUdGp
>
RESPONSE
{
// Will contain all the data from your stored audit object
address: <Address of the audit>,
chainId: <Chain used>,
// You can use the address & the chainId, to get the url of your audit
// The url of an audit always respects the following scheme:
// https://publish.trustblock.app/audit/<chainId>/<address>
}

Manual method: using our platform

  1. 1.
    Head to our platform.
2. Connect your wallet with the address, you've registered your auditor with.
If you connected with an address registered as an auditor on our system, the "My Profile" button should appear.
4. Click on My Profile , this will redirect you to your Profile page, at the bottom of the page you'll see two buttons:
  • Update profile: change your logo, name, description, etc...
  • Publish an audit: Redirects you to the Publish page
Click on the "Publish an audit" button.
4. Once you've clicked on the Publish an audit button, you will be redirected to the Publish page have to make sure you're using the same chain as the audited smart contracts' addresses.
Since we are still on testnets for now, you should use the following chains to publish: - Eth => Goerli - Polygon => Mumbai - Avalance => Fuji - Binance Smart Chain => Binance Smart Chain Testnet
5. Fulfill the information, and hit the Publish audit button.
Please read the Before publishing an audit section, to know what is relevant to put inside an audit.
Confirm the transactions.
6. You're all done, now you can head to the Audit page, see your new audit appear on your Profile page, and your metrics will be updated.

Before publishing an audit

  • Platforms expect final audits attached to deployed contracts.
  • The issues inside the on-chain audits must be the ones that remained inside deployed contracts, solved ones should not be added.
  • The report must be a pdf file.