Do We Agree on What an “Audit” Is? Toward Standardized Smart Contract Audit Reporting
This program is tentative and subject to change.
Smart contract security audits are essential for trust in decentralized finance (DeFi), yet audit reports from different firms vary widely in scope definition, severity labels, fix verification, and report structure. These differences make it hard for developers, users, and other stakeholders to assess risk. In this paper, we address these issues by empirically analyzing 160 audit reports from 26 leading auditing firms to uncover patterns and gaps in current practices. Using qualitative content analysis, we extract a taxonomy of 19 common properties that audit reports include (or omit). We then apply Formal Concept Analysis (FCA) to identify five distinct "report style families" used by auditors, and perform a temporal trend analysis to see if the industry is converging on certain best practices. Finally, we synthesize a feature model that specifies a minimal defensible baseline for audit reports, distinguishing mandatory sections from optional extensions to support traceability and consistent interpretation across reports. This model enables reproducible comparisons across auditors, strengthens accountability for scope definition and fix verification, and provides an evidence base to improve the quality and uniformity of smart contract audit reporting.
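The abstract applies Formal Concept Analysis to an incidence of reports versus report properties and then derives a feature model with mandatory and optional sections. The Python below is an added example, not code or data from the paper: it builds a constructed six-report, six-property formal context, enumerates every formal concept (a group of reports together with exactly the properties all of them share), filters those concepts into candidate style groupings, and checks each report against a hypothetical set of mandatory baseline sections. The report identifiers, the property names, the incidence table and the mandatory set are all assumptions made for this illustration; the paper's 160 reports, its 19-property taxonomy and its five families are not reproduced.

```python
"""Formal Concept Analysis (FCA) over a small audit-report context.

Added illustration of the method described in the abstract. Report IDs,
property names and the incidence below are constructed for this example.
"""
from itertools import combinations

# Constructed formal context: objects are hypothetical audit reports, attributes
# are report properties, and membership means "this report contains that section".
CONTEXT = {
    "R1": {"scope", "severity_scale", "fix_verification", "commit_hash"},
    "R2": {"scope", "severity_scale", "fix_verification", "methodology", "commit_hash"},
    "R3": {"scope", "severity_scale", "disclaimer"},
    "R4": {"scope", "severity_scale", "methodology", "disclaimer"},
    "R5": {"severity_scale", "disclaimer"},
    "R6": {"scope", "severity_scale", "fix_verification", "commit_hash", "disclaimer"},
}

# Hypothetical mandatory sections of a minimal baseline (the mandatory features of
# a feature model). The paper's actual mandatory set is not reproduced here.
MANDATORY = frozenset({"scope", "severity_scale", "fix_verification"})


def all_attributes(context=CONTEXT):
    """Attribute set M of the context (union of every object's properties)."""
    return frozenset().union(*context.values())


def intent(objects, context=CONTEXT):
    """Derivation A': properties shared by every object in `objects`.
    For the empty object set this is, by convention, the whole attribute set."""
    common = set(all_attributes(context))
    for obj in objects:
        common &= context[obj]
    return frozenset(common)


def extent(attributes, context=CONTEXT):
    """Derivation B': objects that carry every property in `attributes`."""
    return frozenset(obj for obj, attrs in context.items() if attributes <= attrs)


def concepts(context=CONTEXT):
    """All formal concepts (A, B) with A' = B and B' = A, as (extent, intent) pairs.

    Naive enumeration: close every attribute subset B to B'' and pair it with B'.
    Fine for a handful of attributes (2^|M| subsets); real toolkits use
    NextClosure or In-Close for contexts the size of the paper's.
    """
    attrs = sorted(all_attributes(context))
    found = {}
    for k in range(len(attrs) + 1):
        for subset in combinations(attrs, k):
            ext = extent(frozenset(subset), context)
            found[intent(ext, context)] = ext  # B'' is the closure of B, B' its extent
    return sorted(((ext, itn) for itn, ext in found.items()),
                  key=lambda c: (-len(c[0]), sorted(c[1])))


def style_families(min_reports=3, context=CONTEXT):
    """Concepts that cover at least `min_reports` reports and pin down at least one
    property beyond what every report in the context shares (the top concept)."""
    universal = intent(context.keys(), context)
    return [(ext, itn) for ext, itn in concepts(context)
            if len(ext) >= min_reports and itn > universal]


def baseline_gaps(mandatory=MANDATORY, context=CONTEXT):
    """Reports failing the minimal baseline, mapped to the mandatory sections they omit."""
    return {obj: frozenset(mandatory - attrs)
            for obj, attrs in context.items() if not mandatory <= attrs}


if __name__ == "__main__":
    for ext, itn in concepts():
        print(sorted(ext), "->", sorted(itn))
    print("families:", [(sorted(e), sorted(i)) for e, i in style_families()])
    print("baseline gaps:", {k: sorted(v) for k, v in baseline_gaps().items()})
```

Each concept's intent is the exact property set a group of reports has in common, so reading the lattice top-down shows what "an audit report" means to everyone (the top concept) versus what only a subset of firms include; `baseline_gaps` is the complementary check a reader would run against a proposed mandatory list.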
Tue 14 Apr (time zone: Brasilia, Distrito Federal, Brazil)
Session 14:00 - 15:30

14:00 (10 min, Talk, Technical Papers) How are MLOps Frameworks Used in Open Source Projects? An Empirical Characterization. Fiorella Zampetti (University of Sannio, Italy), Federico Stocchetti (University of Sannio, Italy), Federica Razzano (University of Sannio, Italy), Damian Andrew Tamburri (University of Sannio - JADS/NXP Semiconductors), Massimiliano Di Penta (University of Sannio, Italy). Pre-print.

14:10 (10 min, Talk, Technical Papers) Do We Agree on What an “Audit” Is? Toward Standardized Smart Contract Audit Reporting. Ilham Qasse (Reykjavik University), Mohammad Hamdaqa (Polytechnique Montreal), Gísli Hjálmtýsson (Reykjavik University).

14:20 (10 min, Talk, Technical Papers) AFGNN: API Misuse Detection using Graph Neural Networks and Clustering. Ponnampalam Pirapuraj (IIT Hyderabad), Tamal Mondal (Oracle), Sharanya Gupta (Yokogawa Digital), Akash Lal (Microsoft Research), Somak Aditya (IIT Kharagpur), Jyothi Vedurada (IIT Hyderabad).

14:30 (10 min, Talk, Technical Papers) An Empirical Analysis of Cross-OS Portability Issues in Python Projects. Denini Silva (Federal University of Pernambuco), MohamadAli Farahat (North Carolina State University), Marcelo d'Amorim (North Carolina State University). Pre-print.

14:40 (10 min, Talk, Technical Papers) Learning Compiler Fuzzing Mutators from Historical Bugs. Lingjun Liu (North Carolina State University), Feiran Qin (North Carolina State University), Owolabi Legunsen (Cornell University), Marcelo d'Amorim (North Carolina State University).

14:50 (40 min, Meeting, MSR Program) Mining Challenge Finalists.