Coinspect identified a high-risk issue: a missing requirement in a function allowed attackers to force the system to enter Recovery Mode in order to liquidate troves. This finding was promptly fixed by Liquity’s team during the assessment, and the resulting code was verified by Coinspect.
Coinspect also identified two medium-risk issues: one shows how attackers could leverage flash loans to inflate system fees; the other calls attention to how after the introduction of batch…
Following are descriptions of the scope for several of those reviews:
The objective of the audit was to evaluate the security of the smart contract source code, deployment, and user token migration procedures. During the assessment, Coinspect identified the following issues:
In February 2020, Horizen engaged Coinspect to audit the security of its blockchain platform. In particular, this first engagement focused on reviewing the Horizen platform's additions to the Zcash protocol implementation, including its core consensus rules, network protocols and privacy features. Coinspect also verified that Horizen had properly fixed every known vulnerability inherited from the Zcash codebase.
During this engagement, Coinspect consultants used a hands-on approach to evaluate the platform security, which included:
Starting in September 2020, Bloq requested that Coinspect review selected parts of Vesper Pool’s source code while the contracts were being developed. Coinspect auditors spent 5 weeks on the reviews over a period of 5 months.
Coinspect published 5 smart contract audit reports detailing the tasks performed. Each report focused on an individual new feature and/or set of modifications to previously reviewed code, specifically selected by the development team. Hence, the reviews do not represent a complete audit of the final project code and do not include the interactions with external components such as third-party DeFi systems, which were not in scope as per the client’s request.
In October 2020, Sovryn engaged Coinspect to perform a source code review of their new decentralized Bitcoin trading and lending platform. The objective of the audit was to evaluate the security of their smart contracts.
The code reviewed was found to be clear, well written, and properly documented. The modifications performed to the forked projects did not introduce any vulnerabilities. However, Coinspect observed that the oracle integration implementation weakens the system's security and could be abused by attackers to manipulate the price feeds.
Moreover, the protocol is dependent on third-party oracle providers, whose security should be evaluated and taken into…
In January 2021, Sovryn engaged Coinspect to perform a source code review of their new governance, staking and fee sharing contracts. The objective of the audit was to evaluate the security of the smart contracts implementing these features.
The code reviewed was found to be clear, well written, and properly documented. No high risk vulnerabilities were discovered during this audit.
Even though the new features give the protocol's users more participation, it is worth noting that, by design, centralized roles are still able to control governance decisions, at least until governance abdicates its proposal veto right.
The following issues were identified…
Between September and October 2018, IOVLabs engaged Coinspect to perform source code reviews of the RIF Token smart contracts. The objective of the audits was to evaluate the security of the smart contracts. During the assessments, Coinspect identified seven security issues. The high risk issues identified compromised the integrity of the token. External attackers could have abused RIF-002 to steal tokens belonging to shareholders, and initial contributors could have exploited RIF-004 to obtain bonus amounts higher than expected. Coinspect verified that all the identified security issues were correctly fixed in the revision `rc3` (git: 6194d7edca0abbcb5275350da7b225edd18b7573) of RIF Token contracts.
The assessment was conducted on the Staking and StakingFactory contracts from the Git repository at https://github.com/aragon/staking as of commit c7537c4519930ca254f693ff4e65117619b08f23 (tag audit) of September 10th.
The code was found to be clear, well written, well commented, and very well tested.
The following issues were identified during the assessment:
Coinspect published the Grin Audit Report, which fully describes the engagement scope, details of the issues identified, and how Grin handled the vulnerabilities.
During February 2019, Coinspect conducted a security audit of the Grin project’s MimbleWimble blockchain implementation.
Coinspect found the project source code to be clearly organized and readable. The Grin team has clearly made security a top priority in its project development.
We would like to highlight the Grin team’s prompt and transparent response to the only critical vulnerability we found, which resulted in an almost immediate fix and Grin’s disclosure of CVE-2019-9195.
It is worth noting that even though the project was coded in Rust, the audit team found vulnerabilities that resulted in remote code execution and memory corruption.