Tempus Smart Contract Audit

In September 2021, Tempus engaged Coinspect to perform a third-party source code review of the smart contracts that comprise their on-chain derivatives marketplace.

No high-risk vulnerabilities that would result in stolen user funds were identified. However, one medium-risk issue (high impact, but low likelihood) was reported that could impact user funds if current security assumptions change in the future. Another medium-risk issue concerned the pool owners' power to update fees without constraints, which could be abused to harm users if the account were compromised.

Continue reading Coinspect’s Tempus Smart Contract Audit report to learn more about how the system works and the details of the security issues identified.

--

In February 2021, Incognito engaged Coinspect to perform a source code review of the smart contracts that comprise the Incognito-Ethereum bridge.

The main contracts are:

  • IncognitoProxy: stores the beacon and bridge committee members of the Incognito Chain; other contracts can query this contract to check whether an instruction is confirmed on the Incognito Chain.
  • Vault: responsible for deposits and withdrawals. It holds assets (Ether or ERC20 tokens) and emits events that the Incognito Chain interprets as minting instructions. When presented with a burn proof created on the Incognito Chain, it releases the assets back to the user.

Continue reading Coinspect’s Incognito Smart Contract Audit report to learn more about how the bridge works and the details of the security issues identified.

--

Coinspect published the Grin Audit Report, which fully describes the engagement scope, the details of the issues identified, and how Grin handled the vulnerabilities.

Summary

During February 2019, Coinspect conducted a security audit of the Grin project’s MimbleWimble blockchain implementation.

Coinspect found the project source code to be clearly organized and readable. The Grin team has clearly made security a top priority in its project development.

We would like to highlight the Grin team’s prompt and transparent response to the only critical vulnerability we found, which resulted in an almost immediate fix and Grin’s disclosure of CVE-2019-9195.

It is worth noting that even though the project was coded in Rust, the audit team found vulnerabilities that resulted in remote code execution and memory corruption.

Keep reading …
