Evaluating Smart Contract Security for Decentralized Finance (DeFi)


Description

Plenty, a decentralized yield farm, approached us with a request to check their smart contract security for a decentralized finance project. As a company that works with blockchain and cryptocurrency technologies, our client has to ensure flawless security of all infrastructure elements so they can maintain a reliable reputation and gain customers’ trust. Our team performed a comprehensive security audit for the DeFi project. We detected several vulnerabilities in smart contracts and offered best practices to address them.


Challenge

Plenty approached us with a request to perform a security audit for a decentralized finance smart contract implementation. Since they work in the DeFi sector, our client needs to make sure their smart contracts operate smoothly and that users’ funds are safe and sound. Plenty wanted to receive an unbiased evaluation of their smart contract security and discover possible vulnerabilities.


Solution

To help our client ensure the security of their product, we gathered a team of blockchain developers with experience auditing smart contracts. The team analyzed the project, defined the scope of work, planned their actions, and received our client’s confirmation of the plan.

Our security audit consisted of checking the security of two types of smart contracts:

- DeFi smart contracts
- Swap smart contracts

To check the security of the client’s smart contracts, we used the following methods:

- Behavioral analysis of smart contract source code
- Smart contract checks against our database of vulnerabilities and manual attacks
- Symbolic analysis of potentially vulnerable areas
- Manual code review and evaluation of code quality
- Unit test coverage analysis
- Gas usage analysis

The three major steps of our security evaluation included:

- Checking smart contract security
- Reviewing smart contract code
- Analyzing test coverage

After performing a swap and DeFi smart contract security audit, we discovered 15 vulnerabilities:

- Two high-risk vulnerabilities related to bypassing system norms
- Six medium-risk vulnerabilities related to excessive admin rights that could possibly cause unexpected behavior
- Seven low-risk vulnerabilities that had little chance of breaking the contract’s execution flow

Overall, Plenty was pleased to know that no vulnerabilities were found during the assessment that could result in a loss of funds and that all of the identified medium- and low-risk vulnerabilities can be fixed. And since they feel certain about their smart contract security, our client can work on further improvements and adding features to current functionality. Not to mention that an unbiased security audit can help win users’ trust.

