What happens after you submit a contract, end-to-end.
A QorTrace Smart Contract Audit follows the same pipeline regardless of tier — the difference is depth of human review.
Pipeline stages
- Intake — you submit via GitHub URL, zip upload, or pasted source. We support 18 chains today.
- Static pre-pass — our 9-detector engine flags well-known anti-patterns (re-entrancy,
tx.originmisuse, uncheckedecrecover, etc.) with example trigger snippets. - AI deep-pass — Claude Sonnet 4.5 reads the full codebase +
qortrace-methodrubric and emits structured findings (severity, evidence, suggested remediation). - Scoring — we apply the family-specific formula (BTC / EVM / Solana) and compute the security score 0-100 + the trust score.
- Delivery:
- Standard tier → straight to a stamped PDF + public certificate. Minutes.
- Deep Dive tier → all of the above PLUS a senior auditor reviews each finding, removes false positives, adds context-specific findings the model missed, and signs the final report. 2-5 business days depending on scope.
What you receive
| Asset | Format | Where it lives |
|---|---|---|
| Signed PDF report | /api/audit/{id}/report.pdf (cookie-authed) | |
| Public certificate | HTML / PNG / SVG | /audit/{id}/certificate.html (anyone can view) |
| Verification URL | HTML | /verify/{id} (anyone can verify) |
| Embeddable badge | Markdown / HTML | rendered on /account/audits/{id} |
| OG share card | PNG | /api/audit/{id}/og.png for LinkedIn / X / Slack |
Disputing a finding
Both tiers have a 30-day dispute window. Open a ticket from your audit detail page and a senior reviewer will respond within one business day. See the FAQ for the resolution process.