Review stormyield finance project

 Screenshot_38.png

Hi everyone, during the 04th of April 2022, StormYield Team engaged Solidproof.io to audit smart contracts that they created. The engagement was technical in nature and focused on identifying security flaws in the design and implementation of the contracts. They provided Solidproof.io with access to their code repository and whitepaper.

SolidProof.io Reports represent an extensive auditing process intending to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology. Blockchain technology and cryptographic assets present a high level of ongoing risk.

SolidProof’s position is that each company and individual are responsible for their own due diligence and continuous security. SolidProof in no way claims any guarantee of security or functionality of the technology we agree to analyze.

SolidProof.io Audits do not provide any warranty or guarantee regarding the absolute bug- free nature of the technology analyzed, nor do they provide any indication of the technology proprietors. SolidProof Audits should not be used in any way to make decisions around investment or involvement with any particular project. These reports in no way provide investment advice, nor should be leveraged as investment advice of any sort.

SolidProof.io reports are not, nor should be considered, an endorsement or disapproval of any particular project or team. These reports are not, nor should be considered, an indication of the economics or value of any product or asset created by any team. SolidProof.io do not cover testing or auditing the integration with external contract or services (such as Unicrypt, Uniswap, PancakeSwap, etc).

Scope of Work/Verify Claims

The above token Team provided us with the files that needs to be tested (Github, Bscscan, Etherscan, files, etc.). The scope of the audit is the main contract (usual the same name as team appended with .sol).

Solidproof.io will verify the following claims:

  • Correct implementation of Token standard
  • Deployer cannot mint any new tokens
  • Deployer cannot burn or lock user funds
  • Deployer cannot pause the contract
  • Overall checkup (Smart Contract Security

Screenshot_37.png

Tested Contract Files

This audit covered the following files listed below with a SHA-1 Hash. A file with a different Hash has been modified, intentionally or otherwise, after the security review. A different Hash could be (but not necessarily) an indication of a changed condition or potential vulnerability that was not within the scope of this review.

Audit Techniques and Strategies

During the review process, attention is paid to evaluating the repository for issues related to security, code quality, and compliance with specifications and best practices. To do so, review line by line by our team of expert pentesters and smart contract developers, who document any issues found.

The auditing process follows a routine series of steps:

I) Code review that includes the following:

  • Review of the specifications, sources, and instructions provided to SolidProof to make sure we understand the size, scope, and functionality of the smart contract.
  • Manual review of code, which is the process of reading source code line byline in an attempt to identify potential vulnerabilities.
  • Comparison to specification, which is the process of checking whether the code does what the specifications, sources, and instructions provided to SolidProof describe.

II) Testing and automated analysis that includes the following:

  • Test coverage analysis, which is the process of determining whether the test cases are actually covering the code and how much code is exercised when we run those test cases.
  • Symbolic execution, which is analysing a program to determine what inputs causes each part of a program to execute.

III) Best practices review, which is a review of the smart contracts to improve efficiency, effectiveness, clarify, maintainability, security, and control based on the established industry and academic practices, recommendations, and research.

IV) Specific, itemized, actionable recommendations to help you take steps to secure your smart contracts.

Main source

Here are the main reference sources from the StormYield project:

AUTHOR

 Forum Username: _Renimbi

BEP-20 Wallet Address: 0x22E18A53e0E0BE71afa7DAa89EC0BF8bc960846E

Komentar

Posting Komentar

Postingan populer dari blog ini

HASHFAIR : TRANSFORMING ONLINE GAMING THROUGH BLOCKCHAIN INNOVATION

Gambar
  Introduction HashFair is an innovative online games platform pioneering the integration of Web 3.0 technologies within the gaming industry. Built upon the robust infrastructure of blockchain technology, decentralized finance (DeFi), and smart contracts, HashFair has introduced the world's first decentralized dealer. Operating autonomously on an immutable smart contract, this decentralized dealer is a groundbreaking feature that has the potential to revolutionize the online gaming landscape. Traditional online games platforms often rely on a centralized authority or a 'trusted third party' to maintain fair play, which can create a layer of opacity and mistrust. HashFair, however, disrupts this approach by providing an autonomous dealer that guarantees both the integrity of game outcomes and the immediacy of transactions. By leveraging blockchain technology, all game outcomes are transparent, traceable, and tamper-proof, which not only instills trust among gamers but also r
Baca selengkapnya

HashFair operates in a decentralized framework.

Gambar
  About HashFair HashFair is an innovative online games platform pioneering the integration of Web 3.0 technologies within the gaming industry. Built upon the robust infrastructure of blockchain technology, decentralized finance (DeFi), and smart contracts, HashFair has introduced the world's first decentralized dealer. Operating autonomously on an immutable smart contract, this decentralized dealer is a groundbreaking feature that has the potential to revolutionize the online gaming landscape. Traditional online games platforms often rely on a centralized authority or a 'trusted third party' to maintain fair play, which can create a layer of opacity and mistrust. HashFair, however, disrupts this approach by providing an autonomous dealer that guarantees both the integrity of game outcomes and the immediacy of transactions. By leveraging blockchain technology, all game outcomes are transparent, traceable, and tamper-proof, which not only instills trust among gamers but also
Baca selengkapnya

HashFair is transforming the gaming industry by giving power back to the players.

Gambar
  In the world of online gaming, community involvement and player empowerment are often overlooked. However, at HashFair, we are revolutionizing the gaming industry by introducing a Decentralized Autonomous Organization (DAO) concept. With HashFair, gamers have the power to actively participate in decision-making processes, shaping the future of our platform and creating a more inclusive and prosperous gaming ecosystem. 1. The Essence of DAO Governance: At HashFair, we believe that every player’s voice matters. Our DAO governance model ensures that stakeholders have the ability to contribute to key decisions that impact the platform. By staking our native token, you gain voting rights and actively participate in shaping the future of HashFair. This democratic approach ensures that the platform aligns with the community’s needs and desires. 2. Participatory Decision Making: Your Role in HashFair’s Success: As a participant in the HashFair DAO, you hold the power to propose and vote on v
Baca selengkapnya