Jul 21, 2021
Centaur Audit Report Summary
Dear Centaurians,
In our effort to keep the quality Centaur Swap sterling, we have commissioned a series of security audits. These were executed by Halborn Security, a blockchain-centric cybersecurity company that has set the industry standard for top-tier auditing methodologies. Before we even called for any audits, our development team went to great lengths to vigorously test our code to weed out any conceivable errors. This effort came to fruition when we were informed that nearly all the threats flagged were predominantly benign.
The first round of audits encompassed a technical audit which lasted from 8 May to 16 May 2021, followed by an economic audit from 1 June to 17 June 2021. The final audit pertaining to a timelock smart contract took place from 27 June to 5 July 2021.
Technical Audit for Centaur Swap
Technical audits focus on examining software to ensure that all of its code works exactly as intended. We are happy to report that all of the errors uncovered by this analysis were low-risk or considered “informational”, meaning that they have a negligible threat level.
Economic audits are more complex than technical audits because they go beyond ensuring that a codebase is working according to plan. They also peruse the code for hidden attack vectors which may have been hitherto unnoticeable to even expert developers. Advanced assessment techniques such as offensive penetration testing are employed during such audits — hence why Halborn used this exact method on the Centaur Swap codebase. The overwhelming majority of the potential flaws found were assessed to be of low or informational risk.
A liquidity loss exposure risk was the only critical vulnerability identified on our platform, out of all three reports. It arose from the emergency withdrawal function on Centaur Swap, which you can read more about here. This is a risk that we knowingly took, which is why we decided to add a combination of a timelock and multisig contracts to the Centaur Swap codebase. The same article linked above goes into a more detailed explanation of how these new safety mechanisms work. In time to come, we plan to relinquish ownership over this function once WHEY governance is established and the platform is stable.
Aside from this, a moderate threat pertaining to our oracle usage was highlighted. Halborn has stated that relying on Chainlink oracles could create the prospect for an oracle attack, but we believe that closely monitoring the Chainlink platform will suffice for this. Chainlink is the premier oracle service provider within our industry, and their watertight security leaves little opportunity for a potential hack.
After this amelioration was made, we called for a third appraisal specifically dedicated to the Centaur timelock smart contract. Halborn has assessed our newly amended solution, and we are happy to report that they have given our new features the green light. No significant errors, all our smart contracts supporting Centaur Swap are working as intended and free of any notable security vulnerabilities.
Concluding Remarks
To the best of our abilities, we will hold our software to the highest benchmark possible. Outside of externally commissioned examinations, we strive to maintain the highest standard of discipline and consistency for our in-house smart contract testing. Our software engineers are dedicated to keeping all Centaur software in top form because the trust of our users is our most valuable asset.
About Centaur
By combining the best elements of decentralised finance with measured regulatory control, Centaur is bridging DeFi and traditional finance. For more information, please visit our website, join our Telegram community discussion group and announcement channel.
Website | Telegram Group | Telegram Announcements | Twitter
Signing off,
Centaur
