Summary
The most critical subjects covered in our audit are access control, functional correctness, and Denial-of-Service vectors.
Security regarding access control is high after an issue that allowed bypassing the token-gating system was fixed; see Subscription Can Be Passed Around. Functional correctness is high after issues with the royalty implementation were fixed; see Royalty Payments With Native Tokens Break Marketplace Integrations. Security regarding Denial-of-Service vectors is high after the previously implemented refund mechanism was removed; see Refund Mechanism Can Be Abused to DOS a Series.
A general subject covered is gas efficiency. Gas efficiency was improved; see Burning Can Increase Withdraw Gas Cost and Gas Optimizations.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Neulock Smart Contracts
Studio V implements a storage contract to be used with an on-chain password manager. The access to the contract is gated through an NFT contract, with a points system attached.
ChainSecurity approached our audit with exemplary professionalism and depth. Their team’s competence and thoroughness sharpened every aspect of our codebase, guiding us toward a cleaner, more correct implementation. Just as important, they were fantastic people to collaborate with: responsive, clear, and genuinely invested in our success. Thanks to their work, Neulock’s security posture is stronger than ever.
Lucas Neves, author of Neulock Web3 Password Manager