Etherparty’s Rocket Contracts Receive Exemplary Security Standing Following Audits

Two external reviews were conducted to ensure error-free contracts at launch

Etherparty Smart Contracts, Inc.
May 11, 2018

Etherparty is an ecosystem of fully-fledged, end-to-end software products based on smart contract technology for use on multiple blockchain networks.

Etherparty is committed to practicing and implementing industry-leading security standards to ensure the best protection for all of our users. For this reason, we enlisted two blockchain software development firms, Iosiro and CoinFabrik, to review and scrutinize the smart contracts for our Rocket software product, which we have open-sourced on our GitHub repository.

Iosiro is a company based in Rosebank, Gauteng (a suburb not too far from Johannesburg, South Africa) that offers security services to businesses using cryptocurrencies or blockchain technology.

According to Iosiro co-founder, Matt Marx, “The [Etherparty] contracts were of a high quality and any issues highlighted were remediated.”

The report further stated: “No major security issues were identified during the audit … The code was generally well designed and clearly written. It separated token and crowdfund logic and made use of commonly used libraries where possible.”

Iosiro awarded Etherparty a cryptographically signed badge, which will be placed on our official website.

Marx added that it’s fairly uncommon that Iosiro awards this badge, which signifies that Iosiro is satisfied with the level of security achieved.

According to Iosiro’s report: There were some issues identified during the audit, however their severities were limited to low and informational risk levels, and were related to minor discrepancies between the code and the specification and best practice issues that did not expose the contracts to significant security risk.

“At the conclusion of the audit, all of the identified issues had been addressed sufficiently,” stated Iosiro.

CoinFabrik, an Argentine software company specializing in cryptocurrency, fintech and blockchain software development services, was also hired to audit our smart contracts.

CoinFabrik stated: “No real security problems were found in these contracts,” just minor recommended adjustments.

The following analyses were performed by CoinFabrik:

● Misuse of the different call methods: call.value(), send() and transfer().

● Integer rounding errors, overflow, underflow and related usage of SafeMath functions.

● Old compiler version pragmas.

● Race conditions such as reentrancy attacks or front running.

● Misuse of block timestamps, assuming anything other than them being strictly increasing.

● Contract softlocking attacks (DoS).

● Potential gas cost of functions being over the gas limit.

● Function qualifiers missing or misused.

● Fallback functions with higher gas cost than what a transfer or send call allows.

● Fraudulent or erroneous code.

● Code and contract interaction complexity.

● Wrong or missing error handling.

● Overuse of transfers in a single transaction instead of using withdrawal patterns.

● Insufficient analysis of function input requirements.

CoinFabrik stated: “No real security problems were found in the contracts. We also found that automated testing is being used in the contracts by the Etherparty development team, which is a good practice.”

At Etherparty, we are committed to security and, where possible, will strive to push beyond the best practices of our industry. The Etherparty platform is powered by the FUEL digital token, which means all services across all Etherparty products can be paid for with the FUEL digital token. Visit etherparty.com for more information.
