Why it matters

Smart contract audits are one of the most important trust signals in crypto. Before depositing funds in a protocol, users and investors look for audit reports. But audits are scattered across auditor websites, GitHub repos, and protocol docs — there's no single structured place to look up the full audit history of a project. Building this in Geo makes security information accessible and connects audits to the projects, auditors, and people involved.

What to publish

  • Create entities for individual audit reports

  • For each audit, publish:

    • Protocol or project audited — link to existing Project entity

    • Auditing firm — link to Company entity (create if needed)

    • Date of audit (or date range)

    • Report URL (PDF or web page)

    • Scope (which contracts or versions were audited)

    • Number of findings by severity (critical, high, medium, low) if available

    • Whether findings were resolved

  • Create Company entities for major audit firms if they don't exist:

    • e.g. Trail of Bits, OpenZeppelin, Consensys Diligence, Spearbit, Cyfrin, Zellic, Sherlock, Code4rena, Cantina

  • Tag with relevant Topics (e.g. security, smart contract auditing, DeFi)

  • Link audit firms to the audits they performed

Scope

Start with the top 50 protocols by TVL and capture their full public audit history. This will likely yield 100–300 individual audit reports.

Potential sources

Protocol documentation and security pages, auditor websites and public report repositories, Solodit audit database, GitHub repos (many protocols store audits in a /audits folder), DeFi Safety reports.