BonFi V1 Successfully Passes Smart Contract Audits
BNF Again Passes Security Audit with Flying Colors!
Last year, DeFi accounted for 50% of all security hacks and thefts, with over $100 million stolen by malicious actors. Therefore, we have made security our top priority when deploying smart contracts. Earlier in November, we engaged Beosin, one of the world’s leading blockchain security companies, to put the $BNF smart contract to the test and investigate any potential security risks. The audit awarded our smart contract the highest security grade, “Distinction”, based on the following three main smart contract pillars: Coding Standards, Security and Business Logic.
BonFi V1 Smart Contracts Audit
Multiple new smart contracts accompany the launch of the BonFi V1 Platform. We engaged ImmuneBytes, a DeFi expert audit firm and trusted partner of Etherscan & SwissBorg, to review all our new smart contracts. ImmuneBytes specializes in DeFi products, with vast experience in identifying common DeFi vulnerabilities, including but not limited to reentrancy attacks, front running, variable shadowing, Denial of Service, Block Gas-Limit, and others.
Security Audit Goals
ImmuneBytes conducted a comprehensive security audit to verify that all smart contracts are secure, resilient, and working according to their specifications. The audit activities are divided into the following three categories:
- Security: Identifying security-related issues within each contract and the system of contracts.
- Sound Architecture: Evaluation of this system’s architecture through the lens of established smart contract best practices and general software best practices.
- Code Correctness and Quality: A full review of the contract source code. The primary areas of focus include:
a. Correctness
b. Readability
c. Sections of code with high complexity
d. Quantity and quality of test coverage
Security Audit Process & Results
The code was audited by a team of independent auditors. The audit process included:
- Testing the functionality of the Smart Contract to determine whether proper logic has been followed.
- Analyzing the complexity of the code through a thorough, line-by-line manual review.
- Deploying the code on a test-net using multiple clients to run live tests.
- Analyzing failure preparations to check how the Smart Contract performs in case of bugs and vulnerabilities.
- Checking whether all the libraries used in the code are on the latest version.
- Analyzing the security of the on-chain data.
The results of the audit are listed below:
1. Coding Conventions
- ERC20 Token Standards: Pass
- Compiler Version Security: Present
- Visibility Specifiers: Pass
- Gas Consumption: Pass
- SafeMath Features: Pass
- Fallback Usage: Pass
- tx.origin Usage: Pass
- Deprecated Items: Pass
- Redundant Code: Pass
- Overriding Variables: Pass
2. Function Call Audit
- Authorization of Function Call: Pass
- Low-level Function (call/delegate call) Security: Pass
- Returned Value Security: Pass
- self-destruct Function Security: Pass
3. Business Security
- Access Control of Owner: Pass
- Business Logics: Pass
- Business Implementations: Pass
4. Integer Overflow/underflow: Pass
5. Reentrancy: Pass
6. Exceptional Reachable State: Pass
7. Transaction-Ordering Dependence: Pass
8. Block Properties Dependence: Pass
9. Pseudo-random Number Generator (PRNG): Pass
10. DoS (Denial of Service): Pass
11. Token Vesting Implementation: N/A
12. Fake Deposit: Pass
13. Event Security: Pass
Overall result: The smart contracts have NO security issues.
Note: The full audit reports will be made available on GitHub after go-live of the BonFi V1 Platform on Thursday, April 15th.
Concluding Remarks
We are pleased that a third-party security firm acknowledges our smart contracts’ high level of security. Our goal is to reduce the risk of bugs and vulnerabilities, ensure user fund security, and provide more transparency and trust to the community. We will continue to consult with experts to discuss blockchain development, security, design patterns, and best practices.
About ImmuneBytes
ImmuneBytes is a security start-up that provides professional services in the blockchain space. The team has hands-on experience in conducting smart contract audits, penetration testing, and security consulting. ImmuneBytes’s security auditors have worked on various A-league projects and have a great understanding of DeFi projects like AAVE, Compound, 0x Protocol, Uniswap, and dYdX. The ImmuneBytes team helps start-ups with detailed system analysis, ensuring security and managing the overall project.
About BonFi
BonFi is a multilayered open finance liquidity mining service platform complemented by the AI-powered BonVest, a professional cryptocurrency liquidity mining solution. It expands the DeFi financial product offering by combining smart contract staking and a managed cryptocurrency liquidity pool to achieve sustainable benefits for users.
Follow us
- BonFi Official Website: bon.finance
- Twitter: @bon_finance
- Telegram: t.me/bonfiorg
- Reddit: r/BonFi