Glossary

Smart Contract Audit

A manual and automated review of smart-contract code to identify security flaws before deployment.

A smart contract audit is a structured review of smart-contract source code with the goal of identifying vulnerabilities, logic errors, and design weaknesses before the code is deployed to a public blockchain.

A serious audit combines manual review by senior auditors, automated analysis (static analysis with Slither, symbolic execution with Mythril), fuzzing and invariant testing (Echidna, or Foundry's forge test runner), and threat modeling of the protocol's economic design.

Audits are not certifications. A clean audit report does not guarantee that a contract is safe; it documents what a specific team examined in a specific window of time. Code that changes after the audit, or that interacts with contracts outside the audited scope, can still introduce vulnerabilities.

Most production-grade DeFi protocols undergo multiple independent audits, a public competition (e.g. via Code4rena or Sherlock), and an ongoing bug bounty before and after launch.

A typical audit report ranks findings as critical, high, medium, low, or informational, with remediation guidance for each. The most important sentence in any audit report is the scope statement: read it first, and check that the commit and contracts it names are the ones actually deployed.
