Daml Smart contracts need auditing like Solidity?

I am developing a Finance platform on Canton Network. I have a question about the Daml workflow auditability.

Before going live, do Daml smart contracts need to be audited like Solidity?

I’m wondering: in practice, do institutional node operators typically require a third-party audit report before agreeing to deploy a DAR on their production nodes? Or is workflow testing on TestNet/DevNet sufficient?

This likely depends on the receiving organization and their process around AppSec verification.

In general, Daml is a smart contract language and can/should be audited. There are many security audit firms who now have Daml experience, including Quantstamp, Certik, Halborn and others. There are ongoing discussions with others around gaining experience and knowledge of the Daml and Canton technologies and the wider Canton Network ecosystem.

It should also be noted that there are other factors for Canton Network that mean that the security risks are different:

  • Privacy means that for private transactions the data is not publicly available for reconnaissance by unauthorized parties.
  • Canton also requires “Package vetting”, i.e. an explicit upload of packages by the node operator. It is not possible to unilaterally upgrade a contract remotely, in the way an Ethereum contract can be updated (think proxy mechanisms or upgrade capabilities like those used for some wallets).
  • Daml itself is also not vulnerable to common Solidity attacks like reentrancy, integer overflow and mishandling boolean returns vs exceptions (to name a couple of common Solidity/EVM issues).

So in general I would expect node operators to be doing code verification prior to use. This is still software and consequently must be checked for any system with real value. Does the business logic match expectations and have appropriate guards in place?

2 Likes

Thank you so much for the detailed reply — this is very helpful.

It’s reassuring to see how Canton’s privacy model, package vetting, and Daml’s design (avoiding many common Solidity/EVM issues) change the overall security and audit considerations compared to public chains. I agree that, regardless of platform, workflows handling real value must still be carefully verified to ensure the business logic and safeguards are correct.

As a follow-up: from your experience, do institutional node operators typically consider internal reviews and TestNet/DevNet validation sufficient for most use cases, with third-party audits required only for higher-risk workflows? Or is there a growing expectation that formal external audits will become standard as applications mature on the Canton Network?

Thanks again for the clarity and insight.

I think the most likely answer is that this is still a work in progress and the expectations will differ across the wallet providers. There are ongoing discussions around supply chain risks for smart contracts.

2 Likes

Thanks Edward for the insights, really appreciate the clarification.