GoodGhosting
Published in

GoodGhosting

GoodGhosting Smart Contract Audits

We started GoodGhosting’s smart contracts development aiming to include smart contract security into our development life cycle from the very start, instead of delaying this to the end of the process, when all contracts are “done” and ready for one big audit.

The GoodGhosting team understands that security is a key aspect of blockchain and DeFi applications. Thinking about potential bugs or attacks must not be restricted to the technical team only. It helps to have more people involved, with different perspectives and backgrounds. The more you actively think about security, the higher the chances of identifying potential exploits, eliminating or mitigating risks and catching bugs.

Although we put great effort into smart contract security ourselves, we also know we’re well off with getting help from security professionals. Shadowy super coders as they say, who can provide us with top notch advice to help us secure our smart contracts. And that’s exactly what we did.

Today, we’re happy to announce that we completed the security audits of our smart contracts with both Quantstamp (on 12/Aug/2021) and Dedaub (on 06/Jul/2021). Both audit reports are publicly available as of today.

To dive into the technical details 👇

🛡Security Audit Reports🛡

Scope

Dedaub and Quantstamp audited our core smart contracts used in our savings pools on Polygon. The contracts are:

1) Dedaub Audit Report

Dedaub logo

Dedaub audited our repository at commit 691ae20 and 6876465 (review after issues were addressed).

The final security audit report was issued by Dedaub on 06/Jul/2021 and the summary of findings is available below. Please refer to the audit report for Dedaub’s definition of each severity level.

Summary of findings reported by Dedaub, categorized by severity and resolution status

Reported Issues

You’ll find below a summary of the issues reported by Dedaub. Please refer to the audit report for more details about each reported issue.

2) Quantstamp Audit Report

Quantstamp audit seal

Quantstamp audited our repository at commit f1729c4 and 5e2eb63 (review after issues were addressed).

The final security audit report was issued by Quantstamp on 12/Aug/2021 and the summary of findings is available below. Please refer to the audit report for Quantstamp’s definition of each severity level.

Summary of findings reported by Quantstamp, categorized by severity and resolution status

Reported Issues

You’ll find below a summary of the issues reported by Quantstamp. Please refer to the audit report for more details about each reported issue.

Code Coverage

This is the current code coverage for our unit tests:

Conclusion

We’re really happy with the conclusion of the smart contract audits performed by Dedaub and Quantstamp, and making the reports publicly available.

We were glad to read in the reports that our code is “mature and well-tested”, and that no critical vulnerabilities were discovered. Currently our smart contracts are being tested with five saving pools live on Polygon, as part of our Guarded Launch approach. During the audit process, we capped the number of participants and TVL (over $70,000 for the four pools combined) to lower risk. Now our audits are complete, we are excited to continue working to improve GoodGhosting and onboard more users.

🚨 Keep up to date with the latest pools and the developments on our Discord channel, on our Twitter and/or mailing list 🚨

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Francis Odisi

Francis Odisi

I love writing code, managing projects and launching technology products.