Summary
Lido implements a staking protocol that allows users to stake their ETH while maintaining liquidity. In addition, it allows users to receive rewards for their staked ETH without running validator nodes. The inverse is true for node operators – they can run validator nodes and receive rewards without having to supply ETH themselves.
The most critical subjects covered in our audit are functional correctness, the trust model, and security of user funds. Security regarding all the aforementioned subjects is high. The general subjects covered are gas efficiency and access control. Some improvements to gas efficiency can be made.
The documentation provided was detailed and helpful in understanding the complexity of the system.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Lido
“Lido is a liquid staking solution for ETH backed by industry-leading staking providers. Lido lets users stake their ETH – without locking assets or maintaining infrastructure – whilst participating in on-chain activities, e.g. lending.
Lido attempts to solve the problems associated with initial ETH staking – illiquidity, immovability and accessibility – making staked ETH liquid and allowing for participation with any amount of ETH to improve security of the Ethereum network.”
.svg)
Summary
Mellow Finance offers an investment protocol that pools investors funds and manages these funds according to an investment strategy smart contract.
The overall system has certain parameters managed by The ProtocolGovernance smart contract. Different vaults are responsible to keep the funds and/or invest them in other DeFi protocols like AAVE, YEARN or Uniswap. A root vault is the overarching connector for all vaults. The root vault is the entry point for a user to invest funds. Strategy contracts balance the ratios of tokens held in the vaults and between the vaults.
A user who wants to invest funds will send the funds to the root vault. The root vault will in return issue a corresponding amount of liquidity provider tokens to track the user’s investment to the user. The funds will end up in a special vault which acts as a cash position. As soon as a strategy manager invokes the vault rebalancing in the connected strategy, the strategy will distribute the funds from the cash vault to the investment/integration vaults. These vaults will use the funds to invest into the third party DeFi protocols like Aave. When a user decides to redeem/withdraw their liquidity provider tokens for the corresponding share of tokens, the root vault will drain the cash vault and if needed take more money from the investment/integration vaults.
About Mellow Protocol
“Mellow Protocol is permissionless vaults ecosystem for capital efficiency. The Protocol provides the layer for creating liquidity rebalancing strategies and helps to focus on models instead of infrastructure.
Mellow permissionless vaults are a set of smart contracts that allow anyone to create a multi-ERC20 token Vault and a Strategy on top of different DeFi protocols (like Uniswap, Yearn, etc.) and blockchains (like Ethereum, Optimism, etc.)
Vaults are smart contracts that put liquidity into different underlying protocols. The underlying protocol could be some well-known DeFi protocol like Uniswap, Sushiswap, Yearn, Compound, etc., or another Vault.
The tokens managed by Vault are fixed and immutable, i.e. Vault cannot start managing additional tokens or stop managing existing tokens. Each Vault can only put liquidity into one fixed underlying protocol.
When the Liquidity provider deposits liquidity into the Vault, he receives LP tokens back (or NFT token – that depends on a particular Vault). On withdrawal, the Liquidity provider burns the LP tokens and receives his liquidity and earned profits back.
The Strategy can only redistribute ERC-20 tokens between protocols. The tokens can leave the Vault only when the Liquidity provider withdraws it.”
Source: Mellow Protocol team
Summary
The most critical subjects covered in our audit are functional correctness, access control and compatibility with the Enzyme system.
Security regarding all subjects is high.
The general subjects covered are error trustworthiness, documentation, and interaction with external systems according to their documentation. Compatibility with external systems is extensive. However, note that for compatibility with Solv requires an upgrade by Solv, see Solv’s BUYER_PAY fee pay type is unsupported is valid. Documentation is good. Trustworthiness is high given the trust model. However, please consider the note Arbitrary Loan Powers. In summary, we find that the codebase provides an improvable level of security. Note that most items covered are of high security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions V Smart Contracts
Avantgarde Finance implements two new policies that allow fine-grained access control on adapters and external positions and a new list registry for unsigned integers used by the latter policy. Additionally, a derivative price feed for FIDU, an LP token with USDC as its underlying, is introduced. Further, a manual value oracle is implemented that allows its owner to set arbitrary uint256 values while keeping track of the latest update time. For its ownership transfers a new mixin is offered that implements the ownership transfer and claim mechanism. Arbitrary uncollateralized loans are offered through a new type of external position that allows to plug in accounting modules that compute the interest owed. Two such accounting modules are offered where one leverages the manual value oracle and the second one implements fixed interest. Two new external position types are also introduced to integrate with Solv Protocol’s convertible vouchers from the buyer and from the issuer side. Lastly, Avantgarde Finance updated the DepositWrapper contract.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
The most critical subjects covered in our audit are functional correctness, interaction with external systems according to their documentation, and compatibility with the Enzyme system. Security regarding all the aforementioned subjects is high. The general subjects covered are trustworthiness, documentation, and error handling. Security regarding all the aforementioned subjects is high. In summary, we find that the codebase provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions VI Smart Contracts
Avantgarde Finance implements changes for the external position for Compound to improve validation of the borrow and repay actions such that fund managers cannot mistakenly pay back zero amounts on unused cTokens which earlier removed the debt for a cToken with the same underlying. Additionally, changes were made to the fee reserve so that governance can do arbitrary calls from the fee reserve. Further, a new integration is implemented that allows minting and burning Balancer v2 LPs for arbitrary pools. For weighted Balancer v2 pools a pricefeed has been implemented. Last, a new external position type is introduced to integrate with Notional v2 so that depositing collateral, lending, borrowing, and paying back debt is possible.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
.png){kind=logo}
Summary
The smart contracts implement the Executor for Governance actions on Arbitrum/Optimism, hence they bear a very privileged role within the Aave contracts on the network.
The most critical subjects covered in our audit are functional correctness and security of the queue / execution mechanism. The issues reported as part of the holistic assessment of the smart contracts security might affect the secure operation, depending on the behavior of the trusted roles.
In summary and under the assumption the trusted roles act correctly as expected, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Aave bridge executors
“Aave is a decentralised non-custodial liquidity market protocol where users can participate as depositors or borrowers. Depositors provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an overcollateralised (perpetually) or undercollateralised (one-block liquidity) fashion.”
Summary
The most critical subjects covered in our audit are functional correctness, security and the users control over their own funds without having to trust third parties more than necessary. While the contracts overall implement the same functionality as their counterpart for Optimism/Arbitrum, the implementation and interfaces exposed differ.
Security regarding all the aforementioned subjects is high as the issues reported have been resolved. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – Starknet Teleport
The smart contracts implement an extension to integrate the Starknet DAI Bridge into Teleport which facilitates fast transfers of DAI between different L2/L1 called “domains”.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness and interactions with the core contracts. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity, gas efficiency and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – DSSProxyActions
MakerDAO implements a new version of the proxy actions contract that, similar to the previous proxy
actions contract, offers functions that batch interactions with the DAI Stablecoin system.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are security and functional correctness.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – DSS Proxy
DssProxy implements a replacement for DSProxy, a proxy contract for users to use with the ProxyActions contracts of the Maker applications such as Oasis.app.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
Angle implements a new way to borrow Angle’s stable token agEUR by using over-collateralized loans with liquidation mechanism.
The most critical issue uncovered in our audit is a call to an untrusted address. The amount of issues uncovered are usual for a project of this size. The documentation of the project is good and the communication with the team was very professional. All issues were fixed accordingly or (in case of some low severity issues) acknowledged.
In summary, we find that the codebase provides a good level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Angle Protocol – Borrowing Module
Angle is a decentralized stablecoin protocol, it has launched agEUR which has become the biggest decentralized Euro stablecoin in the market.
Summary
Claim Fee Maker implements an addition to the Maker protocol enabling fixed-rate debt over a certain period of time. This addition works with existing ilks/vaults without the need for any change to the core system.
The most critical subjects covered in our audit are the security of the new contracts, the functional correctness and the impact of these changes on the core Maker system. Claim Fee works by issuing claims for which the holder can claim compensation for the stability fee accrued. DAI for payout might be generated by minting unbacked stablecoin accounted to the VOW.
Issuance collects no payment, the privileged role issuing claims must compensate the VOW accordingly, this is not handled by the smart contracts reviewed. A claim fee is not connected to an actual debt position / urn. Plans exist to address this, please refer to note: No connection between ClaimFee and actual Debt.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They
complement but don’t replace other vital measures to secure a project.
About MakerDAO – Claim Fee
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are security, functional correctness and the impact on the existing system.
In summary, we find that the codebase provides a high level of security. There is a risk that the shutdown process is blocked in case the Governance pauses the Cure contract. For more information please refer issue description in this report.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – DSS Cure
Cure is an extension for the Dai Stablecoin System which allows contracts to report DAI amounts which must be subtracted from the total debt during the shutdown process. The necessity for this arose as a new extenstion, DSS-Wormhole generates such DAI which must not be included the settlement during shutdown.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, precision of arithmetic operations, front-running and signature handling. Security regarding most of the aforementioned subjects is high. Security of signature handling is basic due to possible ECDSA malleability, see ECDSA Signature Malleability. Security of front-running is good but keepers could lose funds to rogue makers unexpectedly due to unawareness of the exact functionality of sniping, see No Protection for Keepers.
The general subjects covered are unit testing, documentation, specification, gas efficiency and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove
Mangrove implements an offer book based exchange. Individual offer books exist for each market consisting of a base and a quote asset. Technically an offer book is a sorted doubly linked list of offers. Each offer promises an amount of the so-called base asset and requests a certain amount of the quote asset. Makers create these offers. Takers take these offers by executing a so-called order. During the execution of an order, the amount of the base quote is transferred to the maker first before the maker address is called to execute arbitrary code. During this call, the maker must do all actions necessary and make the amount of the base asset available for the exchange to collect.
Offers are just promises and the execution of an order may fail. When an offer fails e.g., because it failed to make available the amount of tokens to the exchange, the execution of the order is stopped. A penalty mechanism exists to incentivize makers to have working offers. Upon offer creation, the maker has to provide a so-called provision in Ether to cover for the gas costs should the transaction revert. If the offer
succeeds, the provision is returned to the maker. When an offer fails, a part of the provision is given to the taker to compensate for his lost gas costs.
A callback to the maker at the end of an exchange allows the maker to update his offer.
The system is administrated by the governance which can add/remove or pause token pairs or change the parameters of the system.
Summary
Swaap Finance implements an automated market maker protocol, with the intention to eliminate the losses of the liquidity providers, while enabling them to collect the fees from trades. This is achieved by dynamic
weighting of the underlying tokens and stochastic spread mechanism.
During the review, no critical issues were uncovered. All the uncovered issues have been mitigated or fixed. The most critical subjects covered in our audit are resistance to assets siphon attacks, stochastic process
simulation precision and integration with external systems. Security regarding all the aforementioned subjects is high.
The general subjects covered are trust model, functional correctness and specification quality. All the aforementioned subjects were of sufficient quality.
In summary, we find that the codebase provides a good level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Swaap Core V1
“Swaap is the first market-neutral automated market maker. It brings efficient features from traditional Market Makers on-chain to strongly reduce impermanent loss, a phenomenon that causes LPs & Traders to lose billions of dollars each year.
- Liquidity providers access profitable market-making strategies (farming). The protocol strongly reduces impermanent loss and offers multi-asset pools
- Traders enjoy lower trading fees. Indeed, the protocol does not need to charge traders high fees to compensate LPs for their impermanent loss.”
.svg)
Summary
StakeDAO implements an alternative to staking into Curve, Angle or Frax and earn additional rewards. Similar to Curve the reward allocation can be voted on by Stake Dao token holders who locked their stake Dao in return for voting escrowed Stake Dao.
The first code assessment was limited to three contracts (see Version 1 and Version 2 ). The issues found are tagged accordingly in this report. As a result of the first code assessment the documentation and inline comments were refined and enhanced, however there is still room for improvement. In the second stage of the code assessment, we reviewed most of the system as laid out in Scope.
We uncovered one high and one medium severity issue. In the high severity issue a wrong variable is used as index. The medium severity issue is already public. Angle tweeted about it and fixed it in their code base. The remaining issues are of low severity. A few low severity issues remain acknowledged or partially fixed but all other issues including higher severity issues were fixed accordingly.
The communication with the team was always professional and quick. We are happy to help in the future and conduct the review for the remaining contracts. The current code base provides a satisfactory level of security. Still, we recommend to always keep up with the testing and put enough time and efforts into testing edge cases.
It is important to note that security code assessments are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About StakeDAO Frax
“Stake DAO is a non-custodial platform where you can do more with your money. Easily grow, track, and control your assets right from your wallet.”
.png)
Summary
Oasis.app implemented an automated management solution for Maker’s collateralized debt positions (vaults). Users manage command triggers which are executed by bots. In the current implementation, users can allow the Automation smart contract to automatically close their vault position should the collateralization go below a certain threshold. All in all, no high severity issues were uncovered. All the issues have been addressed.
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are upgradability, unit testing and gas efficiency. Security regarding all the aforementioned subjects is high. The specification provided was comprehensive.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Oasis
“Oasis.app mission is to provide the best and most trusted entry point to deploy your capital and benefit from all of the potential in DeFi. You can just connect your wallet, and borrow Dai by opening a Vault using your preferred crypto as collateral (such as ETH, wBTC, USDC, LINK and many more).
(…)
DeFi platforms like Oasis.app are reimagining the way access to financial products work – helping investors to unlock the potential of cryptocurrency, without having to deal with high costs and third parties.
Besides the home made features, Oasis.app is integrating several solutions, like 1inch for liquidity and Uniswap Swap Widget, to improve more and more and make the UX as complete as possible.”
Summary
The most critical subjects covered in our audit are the functional correctness and security of the DAI bridging mechanism, the functional correctness of the L2-DAI ERC-20 contract, the protection against censorship, and the functional correctness of relaying governance spells.
The documentation of the project contains a risk section discussing potential threats which helps the overall security of the project.
The security and the functional correctness of the reviewed version of the smart contracts is high, all critical and high severity issues uncovered in previous iterations of the review have been fixed.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project. Furthermore, due to the experimental nature of the L2 solution some risks remain.
The report will give an overview of the system, our methodology, the issues uncovered and how they have been addressed.
About MakerDAO: StarkNet DAI
MakerDAO implements a layer 2 DAI contract for StarkNet, a ZK-Rollup for Ethereum, and DAI bridging contracts from the layer 1 to layer 2. That also includes contracts for sending governance spells from layer 1 to layer 2.
—
“StarkNet is a permissionless decentralized Rollup operating as an L2 network over Ethereum. StarkNet allows any dApp to achieve unlimited scale for its computation, without compromising Ethereum’s composability and security, thanks to its reliance on the safest and most scalable cryptographic proof system — STARK. StarkNet is built on the Cairo programming language, the first production-grade Turing complete von-Neumann verifier on Ethereum.”
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
.svg)
Summary
The most critical subjects covered in our audit are functional correctness, dependency on external contracts, and precision of arithmetic operations. Security regarding all the aforementioned subjects is high.
The general subjects covered are usage as a library, code complexity, documentation, specification, and gas efficiency. In general, these subjects are satisfactory. However, specification and documentation are non-existing, see Insufficient documentation, while code complexity is high due to complex control flows. That makes understanding the system and integrating with it difficult.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About 1inch – Farming
1inch implements two types of farming contracts. While the first one is a traditional farming contract where tokens need to be deposited for reward eligibility, the second one is as ERC-20 library contract which has farming capabilities built-in and, thus, allows for participating in multiple farms without requiring individual deposits in each one.
“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. General subjects covered were code complexity and gas efficiency. All the aforementioned subjects were of high quality.
In summary, we find that the codebase in its current state provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About
The current version of the DAI Wormhole allows fast withdrawal (called “teleport” in the project’s terminology) of DAI from a supported L2 solution onto L1 Ethereum. Using trusted oracles, the DAI can be issued on the receiver domain based on the promise that the amount will eventually be settled through the default bridge.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
.png)
Summary
ClayStack implements a staking pool implementation that simplifies the staking MATIC tokens on numerous Polygon validators. A user that joins the pool, locks MATIC tokens and gets csMATIC tokens that accumulate the rewards over time. The csMATIC tokens can be then burned, to get the locked MATIC tokens back.
The most critical subjects covered in our audit are the security of the pool and token contracts, the functional correctness and the safety of the deposited funds. Security regarding all the aforementioned subjects is high.
In the final iteration after the intermediate reports no issues remain open. Overall we find that the codebase in its current state provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About ClayStack Matic
“ClayStack is a decentralized liquid staking platform that enables you to unlock the liquidity of staked assets across multiple chains. You can stake your assets and use the issued staking derivatives across the DeFi ecosystem.”
Summary
All in all, only one medium importance issue was uncovered where the remaining amount after a loan repayment remains locked in the external position. Furthermore, a few more minor design issues are reported. All the issues have been corrected.
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. The general subjects covered are upgradability, unit testing and gas efficiency. Security regarding all the aforementioned subjects is high. The specification provided was comprehensive.
In summary, we find that the aforementioned modules to be added to the system of a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Extensions III Smart Contracts
The present report covers the implementation of the Fuse lending adapter, the Aave borrowing external position, the upgrade in the UniswapV3 external position where all liquidity NFTs are handled by the same external position and the USD to ETH price oracle.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
During the review, no important issues were uncovered. The most critical subjects covered in our audit are functional correctness, access control and precision of arithmetic operations. Security regarding all the aforementioned subjects is high. General subjects covered were code complexity, gas efficiency, documentation and specification. All the aforementioned subjects were of high quality.
In summary, we find that the codebase provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions II Smart Contracts
These extensions introduce small changes in the Sulu core (Protocol Fee: Conditional burn or transfer of $MLN, Position Limit is now an immutable, Overhead handling finalization of Synthetix has been removed, 1st action after creating an ExternalPosition). Additionally a simplified PerformanceFee, and a ConvexCurvePool staking wrapper have been reviewed.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
The most critical subjects covered in our audit are the security of the new contracts, the functional correctness and the impact of these changes on the existing system.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – DSS Crop Join
DSS-Crop-join introduces support for new ilks with a join adapter facilitating the staking of the collateral tokens in a third party system to generate reward instead of simply holding the tokens at the join adapter. The generated reward is distributed amongst the users the collateral belongs to.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Source: https://makerdao.com/en/whitepaper/
Summary
During the review no important issue was uncovered. The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
General subjects covered were code complexity and gas efficiency. All the aforementioned subjects were of high quality.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – Curve LP & stETH oracle
The curve lp oracle contract implements a specialized oracle for the maker ecosystem that provides prices for lp tokens of a curve.finance pool. It determines the price based on the curve pools get_virtual_price() function. Its architecture is very similar to other pricefeeds such as e.g. the G-UNI LP Oracle. The stETH price feed implements a specialized oracle retrieving the price of stETH.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Source: https://makerdao.com/en/whitepaper/
Summary
MakerDAO implements a registry which allows users to only have one CDP ID per ilk. The registry will allow having an experience similar to the original proxy actions in the Charter and Cropper proxy actions.
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. The general subjects covered are gas efficiency, documentation and trustworthiness. Security regarding all the aforementioned subjects is high.
In summary, no issues were uncovered and we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – CDP registry
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
(Source: https://awesome.makerdao.com/#beginner-guides)
Summary
The most critical subjects covered in our audit are functional correctness of the changed code and the impact of the change on the existing system.
In summary, we find that the introduced change works correctly and does not introduce a security risk. No issue was uncovered during the review.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – Rate Limited Flapper
MakerDAO added new functionality to the existing flapper contract: The amount of DAI under auction at the same time can now be limited.
Summary
Yearn Finance implements a partner tracker that tracks the vault deposits done over an affiliate partner. The tracked amount is simply the sum of all funds deposited via the partner into a specific vault.
We did not uncover any security related issues. Minor issues like unused imports or constants were found. Also, for a small code base we recommend to follow best practices and comment as well as document the code accordingly. All issues found were fixed accordingly.
In summary, we find that the codebase provides a high level of security.
About Yearn Finance – Partner Tracker
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
Avantgarde Finance implements extensions for Sulu. These extensions concern the implementation of a universal Curve adapter, the redemption of deprecated synthetic tokens for sUSD, improvements that allow users to repay their full Compound debt positions, the configuration of the name and the symbol of the shares of the funds, and the interaction with Olympus protocol.
During the review, no important issues were uncovered. All the minor issues have been fixed. The most critical subjects covered in our audit are functional correctness, access control and precision of arithmetic operations. Security regarding all the aforementioned subjects is high. General subjects covered were code complexity, gas efficiency, documentation and specification. All the aforementioned subjects were of high quality.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu extensions Jan ’22
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
Angle implements a decentralized, over-collateralized stablecoin protocol. This report is an extension to the main audit report and reviews the new Angle staking and surplus extension. The staking functionality has been changed completely. The surplus extension introduces an additional fee in the PoolMaster contract where a part of the profit of a strategy is taken as surplus, converted into the selected token and deposited into the FeeDistributor. The FeeDistributor later distributes to veAngle holders (long term admins).
The most critical subjects covered in our audit are the security of the new contracts, the functional correctness and the impact of these changes on the existing system.
Contrary to the extensive documentation which exists for the main Angle Protocol, no documentation exists for the new functionality. This not only makes the understanding of the code more difficult but also prevents this review from cross checking if the implemented behavior matches the expected and documented behavior. Instead we had to make assumptions on the expected behavior. Based on our discussions, we assume that the documentation will be published in a timely manner since the changes impact the agents in the current system, notably the standard liquidity providers.
In the final iteration after the intermediate reports no issues remain open while two issues are acknowledged. The functional correctness is high.
Overall we find that the codebase in its current state provides a high level of security.
About Enzyme Sulu extensions Jan ’22
“Angle is the first over-collateralized, decentralized and capital-efficient stablecoin protocol. Thanks to the liquidity providers it uses, the protocol proposes full convertibility between stable assets and collateral, meaning that it is possible to swap collateral against stable assets, and stable assets against collateral at oracle value. This makes the protocol not only capital efficient but also highly liquid.
Angle Protocol could be used to issue any stablecoin, and will start at launch on mainnet with a stable Euro. Besides creating the first liquid Euro stablecoin, the goal of Angle is to create stablecoins for almost all Forex currencies, including the US Dollar.”
Summary
ChainSecurity reviewed the smart contracts of the Gearbox system. A detailed system description can be found in our report.
All the issues uncovered by the current review have been fixed, except for a low-level design issue which was only partially addressed.
About Gearbox
“Gearbox is a generalized leverage protocol: it allows you to take leverage in one place and then use it across various DeFi protocols and platforms in a composable way. The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.
The core vision is to become a backend composable leverage protocol that all kinds of users have but don’t even need to interact directly with any interface. You can envision building your own DeFi protocol and just making a “take leverage with Gearbox” as a button. And bam – your users are now more capital efficient. Or integrate Gearbox into a platform like Zerion or Zapper.”
Summary
The present report covers the implementation of the extension for UniswapV3-LP, the adapters for PoolTogetherV4 and ParaswapV5, the list attestation for the Address List Registry as well as the Fund Value Calculator and its wrappers. All in all, only minor issues were uncovered which were addressed.
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. The general subjects covered are upgradability, unit testing and gas efficiency. Security regarding all the aforementioned subjects is high. The specification provided was comprehensive.
In summary, we find that the aforementioned modules to be added to the system of high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions Dec ’21
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
The Direct Deposit Module (D3M) enables the interaction of the Maker ecosystem with third-party lending pools. DssDirectDepositAaveDai is a smart contract of this module that enables the transaction of DAI tokens from Maker to the respective lending pool of Aave. The goal of this smart contract is to ensure that the maximum variable interest rate for borrowing stays below a targeted interest rate decided by the Maker governance. In Aave, the variable interest rate of a pool depends on the utilization of that pool, which is the ratio of the total debt taken over the total liquidity put in the pool. Therefore, the higher the utilization of a pool, the higher becomes the variable interest rate. This strategy motivates liquidity providers to deposit capital in the pool when utilization is high.
The goal of DssDirectDepositAaveDai is to limit the maximum variable interest rate for the DAI pool in Aave by depositing or withdrawing DAI from the pool as needed. To achieve this functionality, the DssDirectDepositAaveDai needs:
- to be an authorized ward in the Vat, and
- operate on a special ilk.
The essential feature of this ilk is that it allows the DssDirectDepositAaveDai to generate DAI tokens on the fly without requiring a traditional collateral in another token. The ilk should have the rate set to 1, and the spot price fixed to 1. Note that, the generated DAI over this ilk can only be transferred to the DAI pool in Aave, hence the ink that the contract has in Vat is backed with the aDAI (interest-bearing token in Aave pegged to the value of DAI at 1:1 ratio) the contract holds. This way, the aDAI amount owned by DssDirectDepositAaveDai in Aave serves as ink in this special ilk for the generated DAI. It is important to note that the Aave pool is fully trusted to behave correctly. Whenever the variable interest rate of the pool is below the targeted threshold, DssDirectDepositAaveDai withdraws (if possible) liquidity from the pool and pays back the DAI debt in Vat and destroys the respective gem amount. Finally, all interests earned in the Aave pool by the contract are transferred to the Vow contract.
About MakerDAO – Direct Deposit Module (D3M)
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
DSS-Charter introduces a permissioned vault manager which allows users to take debts with origination fees instead of standard fees of Maker (stability fee). This is targeted for institution which have off-chain agreements with Maker. The fee is accrued when debt is taken and in exchange those urns feature fix/beneficial lending rates. For this, special ilks (collateral types) will be enabled in the Vat of the Maker system. These ilks use a special join adapter, which is also part of this review (join-managed). The join-managed adapter ensures that entrance/exit of collateral happens through the CharterManager only, and the CharterManager contract ensures that this is done only for urnproxys.
The receiver of the fee in form of generated DAI is the VOW Contract (Settlement Engine).
Anyone may open an urnproxy at the CharterManager contract and deposit collateral in form of a supported ilk. Apart from permissioned vaults, un-permissioned vaults may be supported as well. Note
that, by default the un-permissioned mode is enabled for any ilk where any user is allowed to draw debt. The mapping gate allows wards to enable the permissioned mode per ilk. For ilks with the permissioned mode enabled, only whitelisted accounts, namely accounts that have received a non-zero debt ceiling may draw debt. Attempts of un-permissioned vaults to draw debt for those ilk fails as their debt ceiling is zero.
Joining or exiting collateral and repaying debt (call to frob() with dart less or equal to zero) are indifferent between permissioned and unpermissioned vaults for any ilk. The intended use is that each user executes the DssProxyActionCharter code through his own DSProxy.
Note that it’s nevertheless possible to directly interact with the CharterManager.
About MakerDAO – DSS
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The planned merge of Keep Network (KEEP token) and NuCypher (NU token), will form a new network called Threshold network with a new native token called T. The contracts under review offer KEEP and NU holders to wrap and unwarp their tokens into the newly created T tokens and a staking contract to stake them but simultaneously supports the legacy staking contracts.
About Threshold Network
Threshold Network is a decentralized threshold cryptography network with its genesis in the merger of the NuCypher and Keep networks. It provides developers with a suite of threshold cryptography primitives including threshold signatures, proxy re-encryption, distributed key generation, and a random beacon. It’s used by developers to build asset bridges (such as tBTCv2, a decentralized wrapped Bitcoin) as well as data privacy and access controls into their applications.
Summary
In our initial report, we reviewed the smart contracts of the multiply smart contracts. In this new report, we review an updated version of those smart contracts.
The flashloan provider was replaced to be the Maker Flash Mint Module. Now, instead of the AaveLendingPoolProvider’s address, the address of the flashloan provider is directly passed. However, any address implementing EIP-3165 can be passed as an argument.
Furthermore, the flashloan provider remains fully trusted.
About Oasis Multiply FMM extension
“Oasis.app mission is to provide the best and most trusted entry point to deploy your capital and benefit from all of the potential in DeFi. You can just connect your wallet, and borrow Dai by opening a Vault using your preferred crypto as collateral (such as ETH, wBTC, USDC, LINK and many more).
(…)
DeFi platforms like Oasis.app are reimagining the way access to financial products work – helping investors to unlock the potential of cryptocurrency, without having to deal with high costs and third parties.”
.png)
Summary
The review up to the intermediate report was done in two phases. After the intermediate report all raised issues have been addressed. Overall, the implementation and its documentation are of a high standard. Apart from the new functionality, the codebase is largely unchanged from the previous release except for some refactoring.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Protocol v4 Sul
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
“Primitive is an oracle-free solution to scalable and efficient on-chain derivatives, reflecting our belief that the future of decentralized finance should not depend on expensive (and often brittle) oracles.”
(Source: Primitive Finance)
About Primitive Finance – Core engine smart contracts
“The features on launch include:
- Concentrated fungible liquidity
- Liquidity pool tokens that replicate covered call options
The protocol can be used for:
- Earning swap fees as a liquidity provider
- Swapping between tokens of underlying pools
- Building structured products using the composable liquidity pool tokens
- Creating liquidity pools for any token pair
Out of the box, Primitive is the base infrastructure for an oracle-free DeFi and the future of on-chain derivatives.”
Summary
NFTfi offers a platform for receiving loans while offering an NFT as collateral. The current system supports peer-to-peer loans. Meaning, a borrower offers an NFT as collateral and a lender transfers ERC-20 tokens to the borrower. In case the payback time is exceeded, the lender has the right to liquidate the loan and withdraw the NFT from the lending contract. Furthermore, renegotiations of the loan terms are possible in the NFTfi Marketplace.
About NFTfi
“NFTfi is the leading peer-to-peer liquidity protocol for NFTs. Since May 2020, it allows NFT holders to use the NFT they own to access the liquidity they need, by receiving secured ETH and DAI loans from liquidity providers peer-to-peer. NFT liquidity providers use NFTfi to earn attractive yields or – in the case of loan defaults – to have the chance to obtain NFTs at a steep discount to their market value.
NFTfi’s vision is to build a fully decentralized, permissionless, user-owner public utility, supporting the seamless financialization of NFT based economies through innovative mechanisms and highly user-friendly applications.”
Source: NFTfi Team
Summary
The Angle Protocol offers investment opportunities for different kinds of actors. The protocol brings together:
- Stable Seekers: Actors looking to exchange a certain collateral token into a stable asset and back at the current market rate
- Hedging Agents: Actors looking for a perpetual future in order to increase the leverage on their collateral
- Standard Liquidity Providers: Actors looking to increase the interest earned by their collateral
The Angle Protocol issues three kinds of tokens:
- Stablecoins such as e.g. AgEur
- SanTokens for Standard Liquidity Providers representing their contribution
- Perpetuals which are technically NFTs
For each Stablecoin (e.g. AgEUR) a StableMaster is deployed. For each StableMaster the supported collaterals can be added individually. For each collateral of a StableMaster, a SanToken and a PerpetualManager are deployed.
Such a market issuing stablecoins must be collateralized at all times. Hedging Agents cover the collateral brought by stable seekers against price decrease. As no perfect match will exist at any time given, standard liquidity providers add additional liquidity in form of collateral while being able to earn interest accrued by the whole amount of this collateral held by this stablemarket. Variable fees play a vital role in the system. Overall the demand between the participants should be balanced for the system to work properly. To achieve this, the fees depend on the current state of the system. Actions balancing the system are cheaper compared to actions bringing the system into an even more unbalanced state where the fees increase accordingly. Many parameters exist for the governance to fine tune the fees system. For the proper working of the system the correct choice of these incentives is vital.
The system is governed by a DAO. Most contracts are upgradable through a proxy pattern.
About Angle Protocol
“Angle is the first over-collateralized, decentralized and capital-efficient stablecoin protocol. Thanks to the liquidity providers it uses, the protocol proposes full convertibility between stable assets and collateral, meaning that it is possible to swap collateral against stable assets, and stable assets against collateral at oracle value. This makes the protocol not only capital efficient but also highly liquid.
Angle Protocol could be used to issue any stablecoin, and will start at launch on mainnet with a stable Euro. Besides creating the first liquid Euro stablecoin, the goal of Angle is to create stablecoins for almost all Forex currencies, including the US Dollar.”
%2520deposit.png){kind=tracking}
.svg)
Summary
ChainSecurity has performed a smart contract audit of POA Network’s SBC deposit (Stake Beacon Chain). The issues identified by ChainSecurity have all been corrected by POA Network.
POA Network offers a Stake Beacon Chain (SBC) deposit contract that is supposed to be used by stakers in the context of a Proof-of-Stake consensus. Stakers will first come to an agreement with a validator node about the amount to stake, then it will deposit the agreed-on stake amount to a deposit contract, such as the one proposed by POA Network.
The contract is based on the original Ethereum 2.0 deposit contract, but SBC Deposit adds extended functionality to it:
- ERC20 deposits: Stakers can deposit ERC20 STAKE tokens instead of native tokens
- batch deposits on top of normal deposits: batch deposits are fixed at 32 STAKE per deposit and normal deposits are floored to 1 STAKE
- support for ERC677: Adds a hook on ERC20 tokens transfer to trigger token receiver
- upgradeability: A proxy pattern is used to have the ability to upgrade the implementation contract
- claimability: An admin is able to withdraw any mistakenly sent non-STAKE tokens (ERC20 or native) in order to give them back to their owners
- contract can be paused: This functionality is only available for the admin
As the original contract, StakeDepositContract implements an incremental Merkle tree algorithm to keep track of the deposits’ history. It can contain up to 2^32 – 1 deposit records and allows root computation in O(log(n)).
About POA Network – “Stake Beacon Chain (SBC) deposit
“POA Core is an autonomous network secured by a group of trusted validators. All validators on the network are United States notaries, and their information is publicly available. This distributed group of known validators allows the network to provide fast and inexpensive transactions.
POA organization also develops products and tools to improve interoperability, infrastructure and transparency throughout the ecosystem. These include BlockScout, an open-source explorer, TokenBridge, a multi-chain asset-transfer solution.”
Summary
HOPR is building a privacy-focused network featuring a built-in incentive model. The reviewed HoprChannels contract allows nodes to create a payment channel between each other and authorize transfer of HOPR token between them. These transfers are done via a ticket system, where each ticket has a certain predefined probability to win. Winning causes a transfer of tokens between the channel participants. On a code level the channels are unidirectional, meaning channel “A to B” is not equal to “B to A”.
To keep the whole process fair, the winning probability depends on variables that are unknown in advance. For each ticket emitted by A for the “A to B” channel, B has a commitment that is unknown to A. Meanwhile, B does not know this proof of relay in advance and has to transfer the message further to the network to know it. This process makes HOPR’s proof-of-relay incentive mechanism cheat-proof and ensures relay node operators actually do their work to get paid.
Each of these unidirectional channels has “channelEpoch”, “ticketEpoch”, and “ticketIndex” as associated variables, which the ticket emitter is assumed to take in account during the generation.
About HOPR-Payment Channels
“The HOPR protocol is a layer-0 privacy foundation for anyone to build on, providing network-level and metadata privacy for every kind of data exchange. A mixnet protects the identity of both sender and recipient by routing data via multiple intermediate relay hops that mix traffic. Payments are handled via probabilistic micropayments, HOPR’s custom layer-2 scaling solution. Relay mix nodes are rewarded for their work in HOPR tokens. HOPR’s proof-of-relay mechanism protects the network from dishonest behaviour, providing everyone with economic incentives to run a global privacy network sustainably and at scale without compromising privacy.”For more information, visit https://hoprnet.org
Summary
ChainSecurity audited Curve Finance’s s ETH / ETH smart contract.
The reviewed project consists of one smart contract StableSwapETH.vy written in the Vyper programming language. It implements a liquidity pool based on an invariant called StableSwap and described in Curve’s whitepaper.
About Curve Finance – “Curve ETH / sETH”
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
%2520%25E2%2580%2593%2520NameWrapper.png)
Summary
ChainSecurity audited ENS’ namewrapper smart contracts.
The provided contracts implement a wrapper which allows for ENS names to be wrapped as ERC1155 tokens. Moreover, it introduces a set of fuses for each domain name which facilitate permission control.
About Ethereum Name Service (ENS) – NameWrapper
“The Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain.
ENS’s job is to map human-readable names like ‘alice.eth’ to machine-readable identifiers such as Ethereum addresses, other cryptocurrency addresses, content hashes, and metadata. ENS also supports ‘reverse resolution’, making it possible to associate metadata such as canonical names or interface descriptions with Ethereum addresses.”
Summary
ChainSecurity audited the Oasis “Multiply” smart contracts.
Oasis provides a frontend for interacting with the Maker system which allows users to easily open a vault, deposit collateral and generate DAI backed by the locked collateral. Each user first deploys a DSProxy contract which is used to interact with the functionality provided. The proxy allows the user to execute code of the Oasis smart contracts aggregating functionality to perform certain actions wrapped in one transaction.
Like leverage trading that creates a larger position from a smaller investment amount, it is possible to use borrowed DAI from locked collateral to buy more collateral and use this collateral to borrow more DAI. By doing this repeatedly, long chains of exposure to the collateral can be generated. The new MultiplyProxyActions introduces the support for leverage actions while reducing the number of total transactions to one and the total number of transfers to the vault to one deposit by leveraging flash loans. Oasis’ new MultiplyProxyActions contract contains functionality allowing users to easily increase and decrease the multiply factor and, thus, simplifies actions for creating, withdrawing and modifying leveraged positions.
About Oasis – Multiply Smart Contracts
“Oasis.app mission is to provide the best and most trusted entry point to deploy your capital and benefit from all of the potential in DeFi. You can just connect your wallet, and borrow Dai by opening a Vault using your preferred crypto as collateral (such as ETH, wBTC, USDC, LINK and many more).
(…)
DeFi platforms like Oasis.app are reimagining the way access to financial products work – helping investors to unlock the potential of cryptocurrency, without having to deal with high costs and third parties.”
Summary
ChainSecurity performed a smart contract audit of MakerDAO Optimism DAI bridge smart contracts.
Amazingly, we identified no findings above low severity, which is an extremely rare occurence.
We congratulate the MakerDAO Protocol Engineering Core Unit for their excellent work.
About MakerDAO – Optimism DAI Bridge
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance. Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.
Summary
ChainSecurity performed a smart contract audit of Rarible’s staking contract, ERC721 token contract, and ERC1155 token contract.
ERC 721 and ERC1155
The ERC721 and ERC1155 contracts are build using OpenZeppelin’s upgradeable token templates. The following additional functionality was implemented:
- Multiple creators. A minted token is associated with one or multiple creators, namely the addresses that signed the minting data. Each creator of a token owns a share of it. The shares of a token need to add up to 10000, which represents 100% with 2 decimal places of precision.
- Mint and transfer. The function mintAndTransfer receives the minting data and signatures of creators, and then mints and transfers a token within the same contract call. The first creator of the token is the minter of the token. The mintAndTransfer function needs to be called by the minter or by a party approved by the minter.
- Default operators. The owner of the contract can assign the role of default operator. A default operator can transfer tokens of any user of the contract without prior approval from the user. The approval of a default operator cannot be revoked, and they can mintAndTransfer tokens on behalf of any minter.
There also a “User” version of the ERC721 and ERC1155 token contracts that does not have the “default operator” functionality. According to Rarible., these contracts are meant to be deployed using a proxy factory. They enable users to have their own contracts with the mintAndTransfer functionality. The minter of tokens on these contracts can only be the owner of the contract.
Staking contract
Staking contract allows users to lock ERC20 tokens for a period of time. The smallest unit of time that the contract tracks is one week. Each individual stake is identified by an ID and consists of 2 lines. The first
line is the lock line and it is defined by the following 3 parameters:
- Bias – the amount of tokens that the user locks inside the contract.
- Slope – the mount of tokens that are unlocked every week.
- Cliff – the period (in weeks), during which there is no unlocking.
The second line is the stake line, which equals the lock line scaled (multiplied) by a coefficient. That coefficient is computed based on cliff and slope period durations of the lock line. The longer any of the
two periods is, the greater the scaling coefficient will be. Each unique stake is associated with an owner and a delegate addresses. The delegate address is the address whose stake balance is increased by the
stake line of the given stake. The stake balance of the delegate address is the sum of all stake lines of all stakes that are delegated to it. The owner of a line can do following actions with the lock lines:
- Change the delegate of a stake line using the delagateTo function.
- Delete an existing lock line (identified by its ID), as well as update a lock line with a new bias and slope, provided that the bias is above the current locked amount and the new line terminates no earlier than the original line. That can be done by using restake function.
- Withdraw the already unlocked funds from all owned stakes.
The amount still locked is determined by the sum of all lock lines owned by address. The staking is assumed to be done with the Rari ERC20 token . The staking contract can be stopped by the contract’s owner. After stopping, no stakes can be created or changed. Users can withdraw all the tokens that they had in the contract. The contract’s owner can put the staking contract into a migration mode. In this mode stakes can be created and changed, but the user can also migrateTo specific ID stakes into a new contract.
About Rarible – Staking, ERC 721, ERC 1155
“Rarible is a software allowing digital artists and creators to issue and sell custom crypto assets that represent ownership in their digital work.
Of note, Rarible is both a marketplace for those assets, as well as a distributed network built on Ethereum that enables their trade without a middleman.
The tokens that creators generate on Rarible are known as non-fungible tokens (NFTs). Each NFT is unique, and unlike bitcoins (or other units of money), they are not interchangeable. This property is known as fungibility, which is why tokens on Rarible are called non-fungible.”
Summary
ChainSecurity performed a smart contract audit of the HOPR token smart contracts.
The HOPR token implementation extends the ERC777 with a snapshot ability. Because of the data types employed, a maximum of 3.4*10^20 tokens (with 18 decimals) can exist. An additional distribution contract manages different vesting schemes. The token must be minted via a minter role, since the distribution contract calls the mint function to distribute the token. Additionally, a default admin role exists to grant permissions to the minter role. The token distribution is flexible and one account can be part of different distribution schemes.
No critical severity findings were reported. There were two high severity findings, one medium severity finding and six low severity findings. All have now been fixed in the code, with the exception of one low severity finding related to theoretical snapshotting gas costs, where the risk has been temporarily accepted.
See the report for more information on our findings.
About Hopr – Hoprnet Token
“The HOPR protocol is a layer-0 privacy foundation for anyone to build on, providing network-level and metadata privacy for every kind of data exchange. A mixnet protects the identity of both sender and recipient by routing data via multiple intermediate relay hops that mix traffic. Payments are handled via probabilistic micropayments, HOPR’s custom layer-2 scaling solution. Relay mix nodes are rewarded for their work in HOPR tokens. HOPR’s proof-of-relay mechanism protects the network from dishonest behaviour, providing everyone with economic incentives to run a global privacy network sustainably and at scale without compromising privacy.”For more information, visit https://hoprnet.org
Summary
ChainSecurity performed a smart contract audit of POSDAO, with a main focus on the configuration for the xDAI POSDAO AuRa implementation.
The smart contracts reviewed implement the configurable logic for the operation of a POSDAO network. The actual configuration implemented corresponds to the settings for the xDAI POSDAO AuRa network. These smart contracts are used by the client software (currently OpenEthereum or Nethermind) to determine how to run the proof of stake network. Amongst others, this includes the logic to determine the set of active validators and the block rewards. The client software is configured accordingly through the genesis configuration of the chain and the core smart contracts expose standardized functions which the client queries. A staking contract deployed on chain allows participants to stake (either the native coin of the chain or tokens, depending on configuration) and to participate in the consensus.
See the report for more information on our findings.
About POA Network – POSDAO
POSDAO is a project from POA:
“POA Core is an autonomous network secured by a group of trusted validators. All validators on the network are United States notaries, and their information is publicly available. This distributed group of known validators allows the network to provide fast and inexpensive transactions.
POA organization also develops products and tools to improve interoperability, infrastructure and transparency throughout the ecosystem. These include BlockScout, an open-source explorer, TokenBridge, a multi-chain asset-transfer solution.”
Summary
ChainSecurity performed a smart contract audit of Rarible Exchange v2.
Exchange V2 implements two main functionalities: order matching (matchOrder) and order cancellation (cancelOrder).
When a pair of valid orders is matched, at least one of the orders gets fully filled. Then, the fees and royalties are paid to the corresponding parties. The filling of the order is measured by the received take asset of the order. Due to flooring of the estimation of the remaining make amount from remaining take amount, some leftover make assets can be unsellable. Depending on the arrangement of arguments, the two orders of the pair are named Left and Right. An order is valid if its signature is valid or the invoker of the matchOrder is also the maker of the order.
A pair of orders is matchable if:
- For both orders, the receiver (taker) of the order, if defined, is the same as the offerer (maker) of the other one. If no taker is defined any offerer can match.
- The asset types used in the orders match, meaning the make asset type of one order should match the take asset type of other order.
- The make/take ratios of orders allow them to be filled. In other words, the seller and buyer can agree on the price. In case of matchable but different prices the left order dictates the price of the exchange. Because of the uint arithmetics, prices are estimated by uint and checks prevent price slippage with 0.1% accuracy.
The orders can be separated into two categories:
- Salted orders: In these orders a salt (a random number) is defined. The status of these orders is stored on the blockchain. An order can be partially filled. These orders can be canceled.
- Ad-hoc orders: they have salt set to 0 and need to be sent to contract directly by the maker. Filling degree tracking is off for such orders, while only the maker can resubmit the order.
A normal order is canceled by setting its filling degree to the maximum possible value. Cancellation of the order is possible only by the maker of the order.
About Rarible – “Exchange V2” smart contracts
“Rarible is a software allowing digital artists and creators to issue and sell custom crypto assets that represent ownership in their digital work.
Of note, Rarible is both a marketplace for those assets, as well as a distributed network built on Ethereum that enables their trade without a middleman.
The tokens that creators generate on Rarible are known as non-fungible tokens (NFTs). Each NFT is unique, and unlike bitcoins (or other units of money), they are not interchangeable. This property is known as fungibility, which is why tokens on Rarible are called non-fungible.”
Summary
The Unslashed-Enzyme Bridge system has been audited by ChainSecurity. The smart contract reviewed implements a bridge between Unslashed and Enzyme.
Enzyme is an on-chain asset management system supporting interactions with all major DeFi applications. Unslashed is a decentralized insurance protocol supporting many different markets. Furthermore, it allows for multiple markets to be bundled in a basket. This enables users to provide collateral for the whole basket instead of individual markets.
Read our report to find out more.
About “Unslashed Enzyme Bridge”
“Enzyme empowers you to build and scale vaults based on the investment strategies of your choice – from discretionary and robo to ETFs and market making. Security is our priority. Our second generation smart contract-enforced platform is thoroughly tested and audited before any mainnet deployments are made.”
Summary
ChainSecurity performed a smart contract audit of POSDAO, with a main focus on the configuration for the xDAI POSDAO AuRa implementation.
The smart contracts reviewed implement the configurable logic for the operation of a POSDAO network. The actual configuration implemented corresponds to the settings for the xDAI POSDAO AuRa network. These smart contracts are used by the client software (currently OpenEthereum or Nethermind) to determine how to run the proof of stake network. Amongst others, this includes the logic to determine the set of active validators and the block rewards. The client software is configured accordingly through the genesis configuration of the chain and the core smart contracts expose standardized functions which the client queries. A staking contract deployed on chain allows participants to stake (either the native coin of the chain or tokens, depending on configuration) and to participate in the consensus.
See the report for more information on our findings.
About POA Network – OmniBridge
“POA Core is an autonomous network secured by a group of trusted validators. All validators on the network are United States notaries, and their information is publicly available. This distributed group of known validators allows the network to provide fast and inexpensive transactions.
POA organization also develops products and tools to improve interoperability, infrastructure and transparency throughout the ecosystem. These include BlockScout, an open-source explorer, TokenBridge, a multi-chain asset-transfer solution.”
Summary
The suite of contracts implement a Dynamic Market Maker (DMM) based on UniswapV2. The main changes are the use of an amplification model for the pools inventory function and fees based on the recently traded volume.
Our main concerns are around the implementation of the amplification model. The paper Amplification Model describes the model in detail, however, only covers the cases when trades and contribution of liquidity are done in a balanced manner in regard to the pools tokens. The actual implementation, however, allows unbalanced contributions. Three issues raised in the report are connected to unbalanced contributions.
One medium severity security issue has been identified during the assessment. Additionally one medium severity correctness issue and one medium severity as well as several low severity design issues have been reported
About KyberSwap Classic
“Kyber Network is an on-chain liquidity protocol that aggregates liquidity from diverse sources for the best prices, enabling decentralized token swaps to be integrated into any application. Using this protocol, developers can build innovative payment flows and applications, including instant token swap services, decentralized payments, and financial DApps — helping to build a world where any token is usable anywhere.
Kyber is the most used and integrated protocol in decentralized finance (DeFi), with over US$1 billion worth of transactions facilitated since its inception. Kyber supports over 80 different tokens, and powers over 100 integrated projects including popular wallets Trust, Enjin, Argent, Eidoo, and the HTC Exodus smartphone, as well as DeFi platforms Nuo, DeFiSaver, InstaDApp, Set Protocol, Melon, and many others.”
(Source: Kyber Network media kit, April 2021)
Summary
The Maker protocol Liquidations 2.0 smart contracts have been audited by ChainSecurity.
Liquidations 2.0 for multi collateral DAI has been developed to mitigate uncovered shortcomings in the previous liquidation system. The most notable change from the previous version is the move from English to Dutch style auctions. The resulting single block composability allows anyone to participate in the liquidation without capital constraints by leveraging flash-loans. Contrary to the old system, partial liquidations no longer exists except under special circumstances. Keepers, responsible to initiate the liquidation of undercollateralized vaults have no first mover advantage anymore in the auction, hence a new incentive scheme has been introduced.
ChainSecurity uncovered 4 medium severity and 6 low severity findings, all of which have been addressed by Maker.
About MakerDAO
The Maker Foundation is tasked with bootstrapping MakerDAO to fuel growth and drive the organization toward complete decentralization. While the Foundation provided development support through the launch of Multi-Collateral Dai (MCD), it is currently spearheading efforts to decentralize development. MakerDAO governs the Maker Protocol by deciding on key parameters (ie. stability fees, collateral types and rates) through the voting power of MKR holders holders.
Summary
CoreLedger developed a universal system for fungible and non-fungible asset tokenization and trading. CoreLedger engaged ChainSecurity Ltd to perform multiple security audits of their Ethereum-based smart contract system. ChainSecurity Ltd audits consist of a thorough manual code review by leading experts to ensure the highest security standards. CoreLedger supported ChainSecurity Ltd professionally and provided documentation for the project.
During the audits, ChainSecurity Ltd was able to help CoreLedger in addressing several security, trust and design issues of different severity which were laid out and submitted to CoreLedger in a detailed audit report. ChainSecurity Ltd advised on ramifications of planned improvements to the contracts by CoreLedger.
All reported issues have been fixed, addressed or acknowledged by CoreLedger. In particular, all code related issues have been eliminated with appropriate fixes to the smart contracts.
ChainSecurity Ltd thanks CoreLedger for the opportunity and trust to audit their unique tokenization and trading system. Furthermore, we thank CoreLedger for the nice and professional support while performing the audit.
About Coreledger
CoreLedger provides a decentralized, modular, and extensible operating system for token economies, designed for all types of assets and services. The company’s core product is the TEOS Active Sandbox which enables companies to affordably and safely trial blockchain solutions for R&D purposes, or to rapidly develop a functioning proof-of-concept. It’s an industry first solution and is absolutely the easiest, cheapest way for businesses to get started using blockchain. The TEOS Active Sandbox also features CoreLedger’s full suite of white label products, so that companies can seamlessly scale up and capture market opportunities. CoreLedger was founded in 2017 by a group of Crypto Valley professionals, and has offices in Liechtenstein and Switzerland.
Summary
CHAINSECURITY audited the smart contracts which are going to be deployed on the public Ethereum chain. Audits of CHAINSECURITY use state-of-the-art tools for detection of generic vulnerabilities and checks of custom functional requirements. Additionally, a thorough manual code review by leading experts helps to ensure the highest security standards. During the audit, CHAINSECURITY was able to help REN in addressing several security, trust and design issues of high, medium and low severity. The employed coding practices and partial documentation increased the complexity of the audit.
All reported issues have been addressed by REN. CHAINSECURITY has no further concerns regarding the audited smart contracts.
About REN Smart Contracts
The smart contracts of REN are used for certain features of the REN system. Namely, darknode registration, payments, and cross-chain token swap.
Summary
CHAINSECURITY audited the smart contracts which are going to be deployed on the public Ethereum chain. Audits of CHAINSECURITY use state-of-the-art tools for detection of generic vulnerabilities and checks of custom functional requirements. Additionally, a thorough manual code review by leading experts helps to ensure the highest security standards. During the audit, CHAINSECURITY was able to help REN in addressing several security, trust and design issues of high, medium and low severity. The employed coding practices and partial documentation increased the complexity of the audit.
All reported issues have been addressed by REN. CHAINSECURITY has no further concerns regarding the audited smart contracts.
About Ren smart contracts
The smart contracts of REN are used for certain features of the REN system. Namely, darknode registration, payments, and cross-chain token swap.
.svg)
Summary
Unstoppable Domains engaged ChainSecurity Ltd to perform a security audit of Dot Crypto, an Ethereum-based smart contract system. The Dot Crypto smart contracts of Unstoppable Domains implements an on-chain naming system similar to ENS. Each Domain and subdomain is represented by an ERC721 token. Minting of SLDs can only be performed by Unstoppable Domains, it is centralized.
ChainSecurity Ltd audited the smart contracts which are going to be deployed on the public Ethereum chain. During the audit, ChainSecurity Ltd helped Unstoppable Domains to tackle several security, trust and design issues of high, medium and low severities. All reported issues have been fixed or acknowledged by Unstoppable Domains. ChainSecurity Ltd has no further security concerns regarding the project.
About Unstoppable Domains – Dot Crypto
Unstoppable Domains is building Domains on blockchains. The company builds and launches it’s own domain extensions (like .com or .info) and sells domains direct to consumers at unstoppabledomains.com. The company also has a Library & API so that wallets and other apps can offer blockchain domain resolution to their users.
.svg)
Summary
The Web3 Foundation engaged ChainSecurity Ltd to perform a security audit of Polkadot Claims, an Ethereum-based smart contract that will allow holders of the DOT allocation indicator token to claim their balances of DOTs to a Polkadot public key ahead of Polkadot’s genesis.
The state of the Claims contract will be used to initialize the genesis of Polkadot, including the Polkadot public key to associate to a specific allocation, the index of the public key, and the vesting status of the allocation. Due to the importance of this data, the security of the Claims contract was considered of utmost importance. To address this, ChainSecurity Ltd was tasked to formally verify the correctness of the contract’s code, especially with respect to critical requirements, such as ensuring immutability of the state of the contract after claims have taken place.
To guarantee that the Claims contract is secure and functionally correct, ChainSecurity Ltd formally verified the contract’s code. In more detail, the security audit consisted of:
1) Formalizing 12 critical functional requirements pertaining to the immutability of the state after the initialization, access-control requirements, and the safety of the contract set-up period;
2) Formally verifying the correctness of the Claims contract with respect to the formalized properties. Verification was carried out using VerX, ChainSecurity Ltd’s state-of-the-art verifier for smart contracts;
3) Analyzing the Claims contract for generic security vulnerabilities using Securify, ChainSecurity Ltd’s state-of-the-art security scanner;
4) A thorough manual audit of the Claims contract for compliance with best security practices.
During the audit, ChainSecurity Ltd found 0 critical, 0 high, 2 medium and 9 low severity issues. All reported issues have been addressed or acknowledged by the Web3 Foundation. In particular, all security and design issues have been resolved with appropriate code fixes. The audit report describes the fixes that were applied to each issue and the reasoning of the Web3 Foundation behind them.
About Polkadot Claims
The Web3 Foundation was created to nurture and steward technologies and applications in the fields of decentralised web software protocols, particularly those which utilize modern cryptographic methods to safeguard decentralisation, to the benefit and for the stability of the Web3 ecosystem. Learn more about the Web3 Foundation at https://web3.foundation/.
The first project of the Web3 Foundation is Polkadot. Polkadot is a protocol that allows independant blockchains to exchange information under the protection of shared security. To learn more about the project go to https://polkadot.network/.
Summary
STOKR is an online, peer-to-peer interface based on smart contracts on the Ethereum blockchain. STOKR enables ventures to create projects and investors to invest into these projects. For this purpose STOKR implemented a system which has built-in features to support investors and ventures.
Each project launched on STOKR’s platform has a crowdsale contract to manage the sale of a dedicated security token with profit sharing and a global whitelist. Thus, only whitelisted investors can invest. The profit sharing schemes distributes all deposited profits among the token holders according to their token balance at the time of deposit. A user’s profit share is tracked automatically and can be withdrawn at any time using the corresponding function. The crowdsale has multiple configurable parameters such as an individual purchase cap or start and end times. In case a crowdsale, doesn’t reach its defined investment goal, then all investor can obtain a refund. In case of a successful crowdsale, investors can withdraw their tokens after the completion of the crowdsale.
ChainSecurity Ltd analyzed STOKR’s smart contracts using a variety of tools for automated security analysis of Ethereum smart contracts, including Securify and manual expert review.
Overall, ChainSecurity Ltd found that STOKR has a well written code and extensive tests with 100% code coverage. ChainSecurity Ltd did not find major flaws. Nonetheless, ChainSecurity Ltd raised some minor issues and suggestions. These issues were all acknowledged or duly fixed in a professional manner.
About STOKR
STOKR is an accessible and easy to use peer-to-peer interface that allows innovative ventures to raise funds from everyday investors in order to finance forward-thinking ideas, powered by the Ethereum blockchain.
STOKR will provide a web-based interface that will allow ventures to present their businesses in a transparent and compelling way for any potential investor. Through an EU-compliant tokenisation of securities (also known as STOs), everyday investors can directly fund innovative start-ups and SMEs in return for a share of the venture’s future profits.
Learn more about the STOKR project at https://stokr.io/.
Summary
iExec provides a fully decentralized solution where providers of applications, datasets, and computational power can meet users. Due to its decentralized nature and the use of smart contracts, there is no need to rely on any one single agent. The new version of iExec introduces Proof-of-Contribution (PoCo). Honest contributions are ensured by staking, because bad actors will lose their stake. User interaction happens through the iExec market front-end. Users buy computational resources with specific apps and, if needed, datasets, while worker pool owners sell computational power. Payment and staking are carried out with RLC tokens. The user creating an order can set the confidence level desired; this corresponds to a minimum correctness likelihood that the result achieves.
The audit of iExec v3 smart contracts focused on verifying a set of invariants, both provided by iExec and augmented by ChainSecurity Ltd. The audit did not include a manual code review beyond the specified invariants, and therefore it is possible that unintended behavior not covered by the invariants is present in the contracts. Overall, ChainSecurity Ltd found that iExec employs good coding practices and has a clean, well-documented code. ChainSecurity Ltd raised minor security and design issues, all of which have been fixed in the latest code commit.
About iExec v3
iExec is a decentralized marketplace for computing resources. It allows individuals and enterprises to monetize their applications and datasets, and to trade computing power.
iExec is an open market. Cloud providers and requesters transact directly in a peer-to-peer network, free of any central authority. The company develops the technology and protocols that organize the exchanges between stakeholders, with the maximum level of trust, security and flexibility. To do so, iExec leverages blockchain technology, distributed computing and trusted execution environments (TEE). Payments between stakeholders are made in RLC, iExec’s cryptocurrency.
Learn more at iex.ec.
%201%20(1)%201.svg)
Summary
The Melon Protocol smart contracts have been audited manually by security experts and using automated security tools for Ethereum smart contracts. The initial audit involved 4 auditors over a period of 2 weeks from 28 January to 11 February, followed by reviewing code updates delivered between 12 February and 22 February. On request of Melonport ChainSecurity Ltd reported critical and high severity issues on an ongoing basis during the audit to facilitate quick remediation.
During the audit process and the code update review process the following issues have been reported:
- Security: two critical, three high, five medium, and nine low severity issues
- Trust: six medium severity issues
- Design: three medium and six low severity isues
Out of these, all critical and high severity issues have been fixed. Most medium and low severity issues have been fixed or addressed.
The project is complex, each fund consists of several contracts which interact with external exchanges and tokens. Security audits of such systems cannot guarantee absence of errors.
About Melon Protocol
Melonport is the private company building the open-source Melon Protocol. The Melon protocol is a blockchain protocol for digital asset management built on the Ethereum platform. It enables participants to set up, manage and invest in digital asset management strategies in an open, competitive and decentralised manner.
Learn more bout Melonport at melonport.com
.svg)
Summary
TenX introduces a security token. The token implements the ERC-20 and ERC-1400 (ERC-1644 and ERC-1594) specifications. It grants the right to receive Y% (Y = amount TENX tokens owned by an account / total amount of TENX tokens) of the PAY tokens which are deposited in the rewards contract by TenX. An eligible user can withdraw his share of PAY token from the reward contract. A user is eligible if he passed KYC and held TENX token when the deposit was made.
The new token standard (ERC–1400) which TenX uses is currently in development and thereby subject to changes. Therefore, ChainSecurity Ltd recommends TenX to track the latest developments related to this standard.
The TenX smart contracts have been analyzed with state-of-the-art tools for verification of generic vulnerabilities and custom functional requirements. During this process, ChainSecurity Ltd found several issues of different severity (see report for full details). All reported issues were then dully acknowledged and addressed by TenX.
About TenX
TenX is a Singapore-based blockchain company that makes cryptocurrencies spendable on-the-go. The TenX payment system includes the TenX Wallet that can be funded with different cryptocurrencies (available on iOS and Android) and the TenX Card, which can be used in almost 200 countries.
Find out more at tenx.tech.
Summary
During the investigation ChainSecurity Ltd noted that the project is of high quality, employs good coding practices and has clean code. Despite the system’s complexity the DAO maintain a clear overall structure thanks to the high degree of modularity and low coupling between components.
The system’s specifications were verified against a set of general and adversarial assumptions and an attacker model. As a result ChainSecurity Ltd was able to uncover several security vulnerabilities of varying severity as well as propose design optimizations and improvements. Most notably, a missing verification check would allow beneficiaries to redeem their reputation multiple times.
Finally, ChainSecurity Ltd remarks that all vulnerabilities and issues were professionally and swiftly addressed by the DAOstack team leading to a more resilient, efficient and secure system.
About DAOstack v2
DAOstack powers decentralized companies, funds and markets to make fast and innovative decisions at scale. It’s a platform for decentralized governance that enables collectives to self-organize around shared goals or values, easily and efficiently. DAOstack is sometimes called an operating system for collective intelligence, or a Wordpress for DAOs.
Find out more about DAOStack at daostack.io
.svg)
Summary
The DAO voting system itself turned out to be well implemented and of high quality, in its functionality mostly following the previously published Governance whitepaper. A high degree of modularity was achieved in the code base introducing a clear overall structure.
Nonetheless, ChainSecurity Ltd managed to uncover several vulnerabilities and propose design improvements. Most notably, an unfortunately still common misuse of the EXTCODESIZE was originally present: Namely, using this opcode to detect that the message sender or transaction initiator is not a contract account, but an externally owned account. Given that such checks can be easily circumvented, this restriction cannot be relied upon to enforce proper access control even though there may be benign use cases. For more information of this,we are glad to point to the Smart Contract Best Practices to which ChainSecurity Ltd contributed for this issue.
As for the roles present in the DAO system, these distinguish mainly between the Digix administrative roles, initiators of proposals which are to be voted on by other users and finally the voters themselves. An overview of the roles and their conditional rights is provided in the
introductory section of the audit report.
Finally, ChainSecurity Ltd remarks that all vulnerabilities and issues were professionally and swiftly addressed by the Digix team and we are now curiously following further development and adoption of the project.
About Digix
Digix is one of the world’s first Smart Asset companies and aims to be the leading brand in tokenizing the world’s tangible assets.
Learn more about Digix Dao at https://digix.global/dgd/
.svg)
Summary
Switcheo is creating a decentralized exchange (DEX) where users can trade Ether and any ERC20 tokens. Before being able to trade on the exchange, users have to deposit their ETH and/or ERC20 tokens to the Switcheo platform. To initiate transactions, users have to first sign the trade data off-chain. This signed data is then sent to Switcheo, which initiates transactions on the DEX on users’ behalf.
ChainSecurity Ltd analyzed the Switcheo smart contracts under different aspects, with a variety of tools for automated security analysis of Ethereum smart contracts, including Securify, and manual expert review. Overall, we found that Switcheo employs good coding practices and has a clean code base. Nonetheless, ChainSecurity Ltd was able to uncover several security, design, and trust issues that were successfully mitigated or addressed by Switcheo before deployment.
About Switcheo
Switcheo Network is the first decentralized exchange on the NEO blockchain which now allows trading of Ethereum and NEO tokens. Switcheo’s goal is to achieve a DEX network with cross-chain swapping capabilities across popular blockchains, with a focus on delivering a world-class trading experience in a trustless and decentralized environment.
Find out more about the project at https://switcheo.network/.
Summary
When contracted by STACK, ChainSecurity Ltd conducted an extensive review of STACK’s multi-token smart contracts with the help of several (internal and external) tools. Throughout this process, multiple issues including two critical security issues were uncovered. All of the security issues were promptly addressed by STACK and pose no further security threat.Furthermore, in cooperation with ChainSecurity Ltd, STACK made additional optimizations to the contracts’ design and their trust model resulting in a more efficient and more trustworthy set of smart contracts.
About STK
STACK is a new personal finance platform, built on the idea that using your money should be free. Universally accessible, STACK is an alternative to traditional banking that allows you to store your money safely, access it instantly and transact with it anywhere, in any currency including crypto, right from your smartphone. The STK Token will provide instant cryptocurrency payments at point of sale, enabling seamless integration of cryptocurrency into everyday transactions and financial services in the STACK wallet. The STK token will be implemented on the public Ethereum blockchain as an ERC20 token.
Find out more about STACK at stktoken.com.
Summary
Republic Protocol is a decentralized open-source dark pool protocol facilitating atomic swaps between cryptocurrency pairs across the Bitcoin and Ethereum blockchains. Trades are placed on a hidden order book and are matched through an engine built on a multi-party computation protocol. While the order matching engine is placed off-chain, trade orders themselves are first encrypted and committed on-chain and then later revealed after matching. This ensures that once the information becomes public the trade already happened and allows to monitor matching nodes for malicious activity and retrospectively challenge their bond when they were misbehaving.
Our audit investigated the Republic Protocol itself, which allows for custom settlement solutions to be used by future participating brokers, as well as the reference implementation of a full Dark pool by the team called RenEx. During the investigation ChainSecurity Ltd noted that the project is of high quality, employs good coding practices and has clean, well-documented code which is impressive considering the complexity of the project.
While the audit was scoped, a specification covering core parts of the system was derived by both teams and verified under a set of general and adversarial assumptions and an attacker model. All of the previous is clearly defined in the whitepaper and audit report. ChainSecurity Ltd was able to propose several design optimizations and improvements, but more so uncover several vulnerabilities of varying severity. These were swiftly reviewed and addressed by the Republic Protocol team, leading to a more resilient, efficient and secure system.
We are excited to follow the further development of the Republic Protocol and the adoption of their trading pools.
About Republic Protocol
Republic Protocol is a dark pool platform designed for trading large volumes of cryptocurrencies.
Ren is powered by a decentralized network of Darknodes that use secure multiparty computation to run privacy preserving applications. Using it, they are building hidden order books and privacy preserving settlement layers.
Dark pools built on Ren are the first in the history of financial markets that are mathematically provable to be fair.
Find out more here: https://renproject.io/
.png)
.svg)
Summary
WBTC is an ERC20 token that represents Bitcoin as an (extended) ERC20 token on the Ethereum blockchain, where 1 BTC equals 1 WBTC token. The involved entities are at least one custodian (the current setup is tailored to exactly one) and multiple merchants. The whole system has in general two main tasks:
- Minting WBTC:
If a matching amount of BTC is locked at a custodian’s account (on the Bitcoin blockchain), the corresponding amount of WBTC tokens is minted (released) to the merchant (on the Ethereum blockchain). - Burning WBTC:
When a merchant wants to convert his WBTC tokens back into BTC, he places a burn request (the specified amount of WBTC tokens are burned). If successful, the custodian sends the merchant the requested amount of BTC (on the Bitcoin blockchain).
To accomplish a Bitcoin-to-WBTC swap and back, a merchant sends BTC to a custodian. The custodian confirms that this merchant has deposited a certain amount of BTC on the Bitcoin blockchain. A matching amount of WBTC is then minted by a custodian and can be used by the merchant. Accordingly, if a merchant wants to swap back the WBTC to BTC, the merchant files a request to burn the WBTC. The custodian transfers the BTC back to the merchant, if the burning of the WBTC was successful.
Overall, the smart contracts request and record the transaction details on the Ethereum blockchain. Actual transactions of BTC are happening on the Bitcoin blockchain. Other tasks include managing (adding/removing) merchants and custodians.
Our audit investigated the code implementation issues arising from the management of merchants and custodians, as well as from the minting, transferring, and burning of the WBTC token on the Ethereum blockchain.
Overall, the ChainSecurity Ltd team found that Wrapped Bitcoin is a very well-coded smart contract with clean documentation. During the audit, we detected two security issues concerning (1) the pausing of the minting/burning process (2) and a possible hash collision. The hash collision was possible due to using abi.encodePacked() instead of abi.encode(). Chainsecurity also highlighted relevant trust assumptions arising from the overall system setup. WBTC addressed, acknowledged or fixed the raised issues. Therefore, ChainSecurity Ltd sees no remaining security issues in the current version.
About Wrapped Bitcoin (WBTC)
WBTC (Wrapped Bitcoin) will launch as a fully backed Bitcoin ERC20 token on Ethereum in January 2019. The initiative will bridge Bitcoin liquidity and the decentralized ecosystem on Ethereum, enhancing all decentralized applications. WBTC will allow the Ethereum network to be leveraged to enable new applications and use cases for Bitcoin.
WBTC is a community focused initiative and is the culmination of a long-standing joint effort relationship between BitGo, Kyber Network, and Republic Protocol. Prominent decentralized exchanges and financial projects, including MakerDAO, Dharma, Airswap, IDEX, Compound, DDEX, Hydro Protocol, Set Protocol, Prycto, RadarRelay, Blockfolio and Gnosis have all committed to support the adoption of WBTC and will participate as launch members.
For more information please visit www.wbtc.network
Summary
The stablecoin is collateralized 1:1 by the US Dollar and its implementation is realized as a ownable ERC20 token. Paxos Standard 18-decimal PAX is designed to be upgradeable, using the ZeppelinOS Upgradeability with unstructured storage library for this purpose.
ChainSecurity Ltd analyzed the Paxos Standard smart contracts under different aspects, with a variety of tools for automated security analysis of Ethereum smart contracts including Securify and manual expert review.
Overall, the ChainSecurity Ltds auditors found that Paxos employs good coding practices and has clean, well-documented code, which is well covered by a corresponding test suite. Nonetheless, ChainSecurity Ltd was able to uncover several minor issues and vulnerabilities related to the Security and Design of the system which Paxos successfully addressed and resolved before launch. The successful collaboration between the Paxos and ChainSecurity Ltds teams improved the overall security and reliability of the Paxos standard.
About Paxos
Paxos is building a future where all assets — from money to commodities to securities — will be digitized and can move instantaneously, 24/7. Settlement risk will cease to exist, so trillions of dollars of trapped capital can go to work in a global, frictionless economy. Today, as the first regulated Trust company with blockchain expertise, Paxos is uniquely positioned to mobilize and custody assets digitally. Visit www.paxos.com for more information on Paxos and its institutional-grade products like Paxos Standard token and Paxos Confirmation Service for precious metals.
Summary
POA Network is building a Proof of Authority sidechain to Ethereum to facilitate secure, fast, and cheap transactions while being fully compatible with the existing Ethereum ecosystem. A cross-chain bridge allows easy transfer of tokens from a POA Network chain onto the main Ethereum chain and vice-versa. The POA Network system consists of many connected open-source components. Smart contracts form the core and give strong guarantees, dApps and APIs allow for easy access and a custom parity client is running an efficient Proof of Authority based version of Ethereum using the Aura consensus. The audit focused on the core part, the smart contracts deployed on POA Network.
Our audit investigated technical issues such as the initialization of keys and their distribution, the requirements of the validator set, and the upgradability of the smart contracts. We also looked into the reward system and the overall governance to check their soundness and design.
Overall, the ChainSecurity Ltd team found that POA Network is a very well-coded complex system with clean documentation. During the audit, several issues have been found by ChainSecurity Ltd and successfully addressed by POA Network. ChainSecurity Ltd sees no remaining security issues in the current version.
About POA
POA Network is an Ethereum-based platform that offers an open-source framework for smart contracts. Towards the end of 2017, POA Network launched its own blockchain utilizing a new and unique consensus mechanism known as Proof of Authority (POA). POA leverages an independent group of validators who are all licensed public notaries around the United States which increases security while enabling a method of governance on the blockchain. POA Network is scalable, secure and cheaper than other projects, aiming to provide a platform for small and medium sized organizations.
For more information please visit https://poa.network/
Summary
Kyber is building The Decentralized Liquidity Network that powers instant and seamless inter-token transactions between platforms, ecosystems, and other use cases. By allowing open contribution of liquidity from token holders and easy integration from DApps and projects to leverage the contributed liquidity pool, Kyber enables a more connected tokenized world where tokens are liquid and useful.
These interesting properties of Kyber’s platform make the smart contract security non-trivial. Kyber has a detailed trust model that combines upgradability and trustworthiness, an achievement that is rarely seen. In particular, users are protected by the proxy contract from misbehaving administrators or exchanges. This is because the proxy contract enforces a minimal conversion rate while still allowing upgrades to the underlying business logic.
Overall, the ChainSecurity Ltds team found that Kyber’s platform is well-designed. Moreover, the implementation of the smart contracts is clean, follows best practices and guidelines, and comes with an extensive test suite. During the security audit, the ChainSecurity Ltds team made several minor recommendations, which have been addressed by the Kyber team and so we see no remaining security issues.
About
Kyber is a decentralised exchange which provides a seamless user experience with high security. Kyber guarantees liquidity, allowing users to convert or transfer tokens instantly. Users can trade directly from their wallet, without having to register or deposit beforehand.
Learn more about Kyber at kyber.network.
Summary
The iExec smart contracts constituting the Proof-of-Contribution protocol have been analyzed under the agreed upon specification, with different tools for automated security analysis of Ethereum smart contracts and manual review. The issues listed in this report result from ChainSecurity Ltd’s verification of this specification and should not be considered exhaustive.
While we found that iExec employs good coding practices and has clean, well-documented code, the current Proof-of-Contribution implementation has a model that places trust in external contracts and key roles, introducing several issues.
For details please see the full technical report.
About iExec
iExec is inventing the internet of the future by developing the first Blockchain-based, fully decentralized cloud computing platform. iExec aims to provide blockchain-based distributed applications a scalable, secure and easy access to the computing resources required for their execution. It uses the blockchain to organize a market network where everyone can monetize their servers, applications, and data-sets.
Summary
ChainSecurity Ltd. has analyzed Zilliqa’s smart contract and has found no major technical vulnerabilities or shortcomings. The ZIL smart contract contains the necessary token functionality. Zilliqa has additionally addressed the minor shortcomings that were uncovered during the report and has even implemented some of the recommendations.
About Zilliqa
Zilliqa is a new public blockchain platform for high-throughput applications. It brings the theory of sharding to practice with its novel protocol that increases transaction rates as its network expands. The latest experimental results demonstrate a throughput of more than 2,400 transactions per second, which is over 200 times higher than that of today’s popular blockchains. The platform is tailored towards enabling high-throughput data-driven decentralized apps, designed to meet the scaling requirements of applications in areas such as digital marketing, payment, shared economy and rights management. Zilliqa has been under research and development for two years, with several commercial applications in different sectors.
.svg)
Summary
Augur is a decentralized prediction market that runs on top of the Ethereum blockchain. The Augur platform estimates the probability of future events based on votes casted by users, thereby leveraging the wisdom of the crowd principle. Users are rewarded whenever they make correct predictions
The scope of the security audit conducted by ChainSecurity Ltd. was restricted to scanning of the contracts for generic security issues using automated systems and manually inspecting the results, followed by 32 hours of manual audit of the contracts for security issues.
About Augur
Augur is a decentralized prediction market that runs on top of the Ethereum blockchain.
.png)
Summary
In the following we describe the V Token (VEE) and its corresponding token sale. Table 1 gives the general overview.
The VEEs are allocated in two phases. The TGE starts with a contribution phase during which contributors invest ETH. The contribution phase is split into pre-sale and main sale. Each of these sales is capped at USD 20M. The cap itself is not automatically enforced within the smart contracts. After the contribution phase, the TGE continues with a token allocation phase during which the price of tokens is determined and each contributor is allocated with tokens based on their contribution.
About Block V
BlockV provides a platform for creating smart digital objects (vAtoms) on blockchains and distributing them among users.
Summary
ChainSecurity Ltd. has audited the HelloGold Tokens (HGT) contracts. As part of the audit, ChainSecurity Ltd. identified several issues. The HelloGold team has been fast and professional, they were able to fix most of the issues quickly through code changes. Some of the issues, which are harder to address on a technical level, will be addressed through other means. Overall ChainSecurity Ltd. is not aware of any remaining issues in the HGF contracts.
About HelloGold Foundation
HelloGold is a startup that creates simple and accessible gold products for everyone. Founded in 2015 and headquartered in Kuala Lumpur, Malaysia, HelloGold built the world’s first Shariah-compliant gold digital application that changes the way people buy and sell gold. The company’s platform features state-of-the-art online security and is supported by fully audited processes to guarantee proper ownership of the physical gold. HelloGold’s team of seasoned professionals have come together from the gold industry, financial services, technology and digital user experience, all with the aim of making gold available to everyone in Asia.