Synthereum security audit by Halborn
Halborn, our security advisors, have completed two security audits of Synthereum.
Results
No critical vulnerabilities have been found.
The scope of work concerned two security audits:
- Synthereum PerpetualPoolParty Audit, December 27, 2020. This audit covers our version of the UMA PerpetualMultiParty derivative contract.
- Synthereum Pool v3 with On-Chain Price Feed and Supporting Infrastructure Contracts, March 09, 2021. This audit covers the remaining part of the Synthereum protocol, which powers Jarvis Exchange.
We have published a document summarizing our analysis of the second report. You can read it here:
A larger scope of work
Halborn has been our security advisors for a few months now. Apart from having done the security audit of our smart contracts, they have also been very helpful in many other aspects of Synthereum development including but not limited to:
- Full Risk Analysis Report on Components internal to Jarvis and prioritization of tasks.
- Review of previous penetration tests on Jarvis Market backend and smart contracts.
- Review of Cloudflare configuration to prevent DDoS.
- Internal Azure infrastructure architecture and security review.
- Terraform and CI/CD Review.
- First Synthereum smart contract review (while contracts were still in development).
- Report draft and delivery of Jarvis Reward Token Audit.
- UMA protocol analysis and review of intersecting components of UMA and Synthereum.
- Penetration testing reports of findings on new front end Testing of new feature RealmAgent and implement-Load-realm.
- Docker buildx penetration test and audit.
- Pen testing of Jarvis Exchange off-chain price feeds (part our previous architecture).
- PerpetualPoolParty (Jarvis’ fork of UMA PerpetualMultiParty).
- Working with us to design and integrate DevSecOps practices and tools, such as: Scanning dependencies for malicious code and vulnerabilities; Secret detection; SAST; Container scanning.
- Automating resource provisioning via Terraform.
- Ongoing vulnerability awareness.
About Halborn
Halborn is an all-star team of award-winning penetration testers and infosec advisors. Top DeFi organizations like Jarvis choose Halborn to advise and secure their stack end-to-end, not just the smart contract level.
We are more than happy to have worked with Halborn. They have been extremely helpful and professional throughout the whole work process.
Pascal.
Pascal (pascal.jarvis.eth on Twitter).
The possibilities are limitless
Join us in Discord
Follow us on Twitter
Learn on Gitbook
Vote on Snapshot
More info on jarvis.network
⛔ Risk Warning: Investing in digital financial assets involves a high degree of risk and volatility and is not suitable for all investors; do not risk more money than you can afford to lose. Please consult an independent professional financial or legal advisor to make sure the product is right for you.
⛔ Disclaimer: This article contains text, data, graphics, photographs, illustrations and information (“Information”) connected with Jarvis International and/or other entities part of the Jarvis group ( “Jarvis”). Jarvis attempts to ensure Information is accurate, however, Information is provided “AS IS” and on an “AS AVAILABLE” basis and may not be accurate or up to date. The publication of this article does not represent solicitation by Jarvis of buying the token “Jarvis Reward Token” and is not to be considered as a recommendation by Jarvis as to the suitability of any investment, if any, herein described. No action should be taken or omitted to be taken in reliance upon Information in this document. Jarvis accepts no liability for the results of any action taken on the basis of the Information.
