BonFi V1 Successfully Passes Smart Contract Audits

BNF Again Passes Security Audit with Flying Colors!

BonFi V1 Smart Contracts Audit

Multiple new smart contracts accompany the launch of the BonFi V1 Platform. We engaged ImmuneBytes, a DeFi expert audit firm and trusted partner of Etherscan & SwissBorg, to review all our new smart contracts. ImmuneBytes specializes in DeFi products, with vast experience in identifying common DeFi vulnerabilities, including but not limited to reentrancy attacks, front running, variable shadowing, Denial of Service, Block Gas-Limit, and others.

Security Audit Goals

ImmuneBytes conducted a comprehensive security audit to verify that all smart contracts are secure, resilient, and working according to their specifications. The audit activities are divided into the following three categories:

  1. Sound Architecture: Evaluation of this system’s architecture through the lens of established smart contract best practices and general software best practices.
  2. Code Correctness and Quality: A full review of the contract source code. The primary areas of focus include:
    a. Correctness
    b. Readability
    c. Sections of code with high complexity
    d. Quantity and quality of test coverage

Security Audit Process & Results

The code was audited by a team of independent auditors which includes:

  1. Analyzing the complexity of the code by thorough, manual review of the code, line-by-line.
  2. Deploying the code on a test-net using multiple clients to run live tests.
  3. Analyzing failure preparations to check how the Smart Contract performs in case of bugs and vulnerabilities.
  4. Checking whether all the libraries used in the code are on the latest version.
  5. Analyzing the security of the on-chain data.

Please find the results of the audit here below:

1. Coding Conventions

  • ERC20 Token Standards: Pass
  • Compiler Version Security: Present
  • Visibility Specifiers: Pass
  • Gas Consumption: Pass
  • SafeMath Features: Pass
  • Fallback Usage: Pass
  • tx.origin Usage: Pass
  • Deprecated Items: Pass
  • Redundant Code: Pass
  • Overriding Variables: Pass

2. Function Call Audit

  • Authorization of Function Call: Pass
  • Low-level Function (call/delegate call) Security: Pass
  • Returned Value Security: Pass
  • self-destruct Function Security: Pass

3. Business Security

  • Access Control of Owner: Pass
  • Business Logics: Pass
  • Business Implementations: Pass

Overall result: The smart contracts have NO security issues.

Note: The full audit reports will be made available on GitHub after go-live of the BonFi V1 Platform on Thursday, April 15th.

Concluding Remarks

We are pleased that a third-party security firm acknowledges our smart contracts’ high level of security. Our goal is to reduce the risk of bugs and vulnerabilities, ensure user fund security, and provide more transparency and trust to the community. We will continue to consult with experts to discuss blockchain development, security, design patterns, and best practices.

About ImmuneBytes

ImmuneBytes is a security start-up to provide professional services in the blockchain space. The team has hands-on experience in conducting smart contract audits, penetration testing, and security consulting. ImmuneBytes’s security auditors have worked on various A-league projects and have a great understanding of DeFi projects like AAVE, Compound, 0x Protocol, Uniswap, dydx. The ImmuneBytes team helps start-ups with detailed system analysis ensuring security and managing the overall project.

About BonFi

BonFi is a multilayered open finance liquidity mining service platform complemented by the AI-powered BonVest, a professional cryptocurrency liquidity mining solution. It expands the DeFi financial product offering by combining smart contract staking and a managed cryptocurrency liquidity pool to achieve sustainable benefits for users.

Follow us

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
BonFi Admin

Official Publication Admin Account of www.medium.com/bonfiorg [BonFi; bon.finance] We will never ask or request for payment.