Request for Funds: Smart Contract Audit

Authors: obsqurial#5725

Date Created: 04/03/2022

Date Posted: 08/03/2022

Snapshot link

SUMMARY

Blockchain has won over its supporters by being notoriously resistant to security concerns, such as hacking, which have long plagued traditional financial markets.

Nevertheless, Bolide Finance strives for utmost compliance, attention to detail and adherence to top-notch quality assurance. No matter how impenetrably designed, we know that no system is ever entirely infallible.

For our own confidence and the confidence of our community, we will be carrying out our first third-party audit, in partnership with Hacken.io.

BACKGROUND

Technical audits are a great preemptive measure to ensure the excellence of our products.

For context on their importance, consider the split that occurred on the Ethereum chain in 2016.

During that particular occurrence, an attacker exploited a code vulnerability. By using a “recursive call bug”, the attacker “leeched” onto the “DAO” and drained a democratized hedge fund of millions of dollars worth of ETH.

Since the hedge fund operated within the democratized framework, the fallout of this event was a hard fork and disagreement within the hedge fund’s community over whether to forcibly return the funds.

MISSION & VALUES ALIGNMENT

Speed and security of profit generation enabled by crypto assets is Bolide’s top priority.

Conducting regular and persistent self-checks is an important tool not only for the preservation of product integrity but also for community integrity - our two core objectives.

Thus, quality assurance will never be underestimated, and we will always work to prevent, anticipate, and preempt any possible flaw.

SCOPE OF WORK

Our Smart Contract Audit will test against the following vulnerabilities:

Code review

  • Reentrancy
  • Ownership Takeover
  • Timestamp Dependence
  • Gas Limit and Loops (Solidity)
  • DoS with (Unexpected) Throw
  • DoS with Block Gas Limit (Solidity)
  • Transaction-Ordering Dependence
  • Style guide violation
  • Costly Loop
  • ERC20 API violation (Solidity)
  • Unchecked external call
  • Unchecked math
  • Unsafe type inference
  • Implicit visibility level
  • Deployment Consistency
  • Repository Consistency
  • Data Consistency

Functional review

  • Business Logic Review
  • Functionality Checks
  • Access Control & Authorization
  • Escrow manipulation
  • Token Supply manipulation
  • User Balances manipulation
  • Data Consistency manipulation
  • Kill-Switch Mechanism
  • Operation Trails & Event Generation

FINANCIAL IMPLICATIONS

After conducting thorough market research related to auditing smart contracts, we estimate the cost for this service to be in the ballpark of $50K.

It is necessary to find a contractor who can satisfy both our material request and the scope of work defined.

We find Hacken.io to be the most suitable option within the framework of the described request.

NEXT STEPS

  • Submitting the smart contract code for testing;
  • Technical implementation of all described solutions proposed by the contractor.

POLL (Discourse Post Usage Only)

  • Yes
  • No