Oct 13, 2021

Tempus Smart Contract Audit

In September 2021, Tempus engaged Coinspect to perform a third-party source code review of the smart contracts that comprise ther on-chain derivatives marketplace. No high-risk vulnerabilities that would result in stolen users funds were identified. However, one medium-risk issue (high impact, but low likelihood) was reported that could impact user funds if current security assumptions change in the future. Another medium-risk issue was reported related to the power the pool owners possess to update fees without constraints and that could be abused to harm users if the account were compromised.

Security Services

1 min read

Security Services

1 min read

Tempus Smart Contract Audit

In September 2021, Tempus engaged Coinspect to perform a third-party source code review of the smart contracts that comprise ther on-chain derivatives marketplace.

No high-risk vulnerabilities that would result in stolen users funds were identified. However, one medium-risk issue (high impact, but low likelihood) was reported that could impact user funds if current security assumptions change in the future. Another medium-risk issue was reported related to the power the pool owners possess to update fees without constraints and that could be abused to harm users if the account were compromised.

Continue reading Coinspect’s Tempus Smart Contract Audit report to learn more about how the system works and the details of the security issues identified.

Apr 30, 2021

Incognito Ethereum Bridge Audit

In February 2021, Incognito engaged Coinspect to perform a source code review of the smart contracts that comprise the Incognito-Ethereum bridge. The main contracts are: IncognitoProxy: stores beacon and bridge committee members of the Incognito Chain, and other contracts can query this contract to check if an instruction is confirmed on the Incognito Chain. Vault: responsible for deposits and withdrawals; it holds assets (Ether or ERC20 tokens) and emits events that the Incognito Chain interprets as minting instructions; and when presented with a burn proof created over at the Incognito Chain, it releases the assets back to the user.

Smart Contracts

1 min read

Smart Contracts

1 min read

Incognito Ethereum Bridge Audit

In February 2021, Incognito engaged Coinspect to perform a source code review of the smart contracts that comprise the Incognito-Ethereum bridge.

The main contracts are:

IncognitoProxy: stores beacon and bridge committee members of the Incognito Chain, and other contracts can query this contract to check if an instruction is confirmed on the Incognito Chain.
Vault: responsible for deposits and withdrawals; it holds assets (Ether or ERC20 tokens) and emits events that the Incognito Chain interprets as minting instructions; and when presented with a burn proof created over at the Incognito Chain, it releases the assets back to the user.

Continue reading Coinspect’s Incognito Smart Contract Audit report to learn more about how the bridge works and the details of the security issues identified.

Mar 30, 2021

Liquity Smart Contract Audit

In March 2021, Liquity engaged Coinspect to perform its second third-party source code review of the smart contracts that comprise the Liquity Protocol. Coinspect identified a high risk issue, a missing requirement in a function that allowed attackers to force the system to enter Recovery Mode in order to liquidate…

Defi

1 min read

Defi

1 min read

Mar 11, 2021

Aragon Smart Contract Audits

In August 2020, Aragon engaged Coinspect to perform a series of third-party source code reviews of the smart contracts that comprise their Protocol. Following are descriptions of the scope for several of those reviews: Aragon Protocol is a dispute resolution protocol. It handles subjective disputes that cannot be solved purely…

Smart Contract Audit

2 min read

Smart Contract Audit

2 min read

Feb 22, 2021

Horizen Source Code Audit

Executive Summary In February 2020, Horizen engaged Coinspect to audit the security of its blockchain platform. In particular this first engagement focused on reviewing Horizen platform additions to the Zcash protocol implementation including its core consensus rules, network protocols and privacy features. …

Horizen

4 min read

Horizen

4 min read

Feb 18, 2021

Vesper Pools Smart Contract Audits

Starting in September 2020, Bloq requested Coinspect to review selected parts of Vesper Pool’s source code while the contracts were being developed. Coinspect auditors spent 5 weeks during a period of 5 months. Coinspect published 5 smart contract audit reports detailing the tasks performed. Each report focused on an individual…

Vesper

1 min read

Vesper

1 min read

Vesper Pools Smart Contract Audits

Coinspect published 5 smart contract audit reports detailing the tasks performed. Each report focused on an individual…

Feb 11, 2021

Sovryn Governance Smart Contract Audit

Executive Summary In January 2021, Sovryn engaged Coinspect to perform a source code review of their new governance, staking and fee sharing contracts. The objective of the audit was to evaluate the security of the smart contracts implementing these features. The code reviewed was found to be clear, well written, and properly…

Sovryn

10 min read

Sovryn

10 min read

Feb 9, 2021

Aragon Staking Security Audit

Executive Summary In August 2020, Aragon engaged Coinspect to perform a source code review of the new Staking app 0.3.0. The objective of the audit was to evaluate the security of the smart contracts. The assessment was conducted on the Staking and StakingFactory contracts from the Git repository at https://github.com/aragon/staking …

Smart Contracts

4 min read

Smart Contracts

4 min read

Oct 24, 2019

Grin Security Audit

Coinspect published Grin Audit Report, which fully describes the engagement scope, details of issues identified, and how Grin handled the vulnerabilities. Summary During February 2019, Coinspect conducted a security audit of the Grin project’s MimbleWimble blockchain implementation. Coinspect found the project source code to be clearly organized and readable. Grin team has clearly made security a top priority concern in its project development.

Security

1 min read

Security

1 min read

Grin Security Audit

Coinspect published Grin Audit Report, which fully describes the engagement scope, details of issues identified, and how Grin handled the vulnerabilities.

Summary

During February 2019, Coinspect conducted a security audit of the Grin project’s MimbleWimble blockchain implementation.

Coinspect found the project source code to be clearly organized and readable. Grin team has clearly made security a top priority concern in its project development.

We would like to highlight the Grin team’s prompt and transparent response to the only critical vulnerability we found, which resulted in an almost immediate fix and Grin’s disclosure of CVE-2019–9195.

It is worth noting that even though the project was coded in Rust, the audit team found vulnerabilities that resulted in remote code execution and memory corruption.

Keep reading …

Oct 20, 2019

Coinspect Security

Coinspect Security offers an extensive set of software security services, including smart contract security, manual source code reviews, reverse engineering and black-box testing of applications and hardware devices, as well as web and network penetration testing services. Our consultants have over twenty years of experience working with leading technology companies throughout the world.

Coinspect

1 min read

Coinspect

1 min read