AstridDAO and $BAI Stablecoin Successfully Pass Industry-Leading Smart Contract Audits by Peckshield and CertiK
Hello Astridians!
We are delighted to announce that all of the primary smart contracts in the AstridDAO protocol, including the $BAI stablecoin, have passed the industry-leading smart contract audits performed by Peckshield and CertiK.
Peckshield and CertiK were given the opportunity to review our design document and related smart contract source code of the AstridDAO protocol.
Both the Peckshield and CertiK audits were performed to uncover vulnerabilities in our source code as well as any contract dependencies that were not part of an officially recognized library.
For the CertiK audit, a comprehensive examination was performed, utilizing static analysis and manual review techniques.
The auditing process paid special attention to the following:
- Testing smart contracts against common and uncommon attack vectors.
- Assessing the codebase to ensure compliance with current best practices and industry standards.
- Ensuring contract logic meets the specifications and intentions.
- Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
- Thorough line-by-line manual review of the entire codebase by industry experts.
The security assessment resulted in findings that ranged from critical to informational. The reports recommended addressing these findings to ensure a high level of security standards and industry practices.
While the audits surfaced potential risks, the AstridDAO team has been addressing all vulnerabilities in its codebase head-on and has since fully resolved all critical security issues.
In addition, the Peckshield report highlighted key improvements, such as:
- Improved Validation in BAIToken/ATIDToken::permit()
- Improved Validation of Protocol Parameters
- Improved Vault Close Logic in Vault Manager
- Improved Sanity Checks Of System/Function Parameters
- Consistent Event Generation of CollateralAddressChanged
The audit results were positive overall. As such, the closing statement of Peckshield’s report says that:
In this audit, we have analyzed AstridDAO’s design and implementation.
The current code base is well structured and neatly organized. Moreover, the identified issues have been promptly confirmed and addressed.
Meanwhile, we need to emphasize that Solidity-based smart contracts are still in an early but exciting stage of development.
To read the reports in full, please click the links below:
Peckshield Report
CertiK Report
Closing Thoughts
After successfully passing our smart contract audits, we are even more confident about the prospects of our stablecoin, $BAI, and the AstridDAO protocol.
Nevertheless, we will continue to monitor the most critical issues that surfaced in the report and continue to optimize our codebase and processes in order to mitigate security risks.
Because AstridDAO adheres to the blockchain industry’s best practices, you can rest assured that you are using a protocol (AstridDAO) and stablecoin ($BAI) that have passed two of the Web3 industry’s most rigorous audits and adhere to its highest standards.
About Peckshield
Founded in 2018, PeckShield has become one of the leading Web3 auditing companies with rigorous smart contract auditing methodologies. With dozens of years of experience and notable achievements in vulnerability analysis, operating systems, and malware defense, Peckshield provides peace of mind to those who use Peckshield audited products.
About CertiK
Founded in 2018 by professors of Columbia and Yale, CertiK is a pioneer in blockchain security, utilizing best-in-class Formal Verification and AI technology to secure and monitor blockchains, smart contracts, & Web3 apps.
About AstridDAO
AstridDAO is a decentralized money market protocol and multi-collateral stablecoin built on Astar and the Polkadot ecosystem, allowing users to borrow $BAI, a stablecoin hard-pegged to USD, against risk assets at 0% interest and minimum collateral ratio. This mechanism enables users to leverage the value in their risk assets, including $ASTR, $BTC, $ETH, and $DOT, without selling them.