Smart Contract Audit

Audit Results

A few days ago we published the Contribution Smart Contract code for peer review. Backes Security and Research Technologies today released their security audit:

https://data.backes-srt.com/nimiq_9bf53b254b/audit_v1.3.pdf

The last commit that was reviewed was: 8c0d545272f67f3fb07dc533490c736a39aee680 at

https://github.com/nimiq-network/nimiq-exchange-token

We are glad to report that besides the items that were identified — and that we worked through with them during the review period — no outstanding issues have been found and all concerns were addressed adequately.

Bug Bounty Reward

Smart contract security audits like this one, significantly reduce the risks of the smart contracts issues but they can not warrant bug-free code. Our Bug bounty program remains open with a reward of US$5'000 for discovery and responsible disclosure of issues that represent a tangible security threat for the contributions. Importantly, such bug reports need to classify as actually executable under a realistic attack scenario. Eligible bugs are:

• Security threats: incorrect ETH/NET allocation
• DoS: incorrect execution of the contracts through malicious actor (stuck in invalid, irrecoverable state)
• Logical errors: issues in the contract that lead to significant deviation from specified intention and terms

DISCLAIMER: None of the statements must be viewed as an endorsement or recommendation for Nimiq, any cryptocurrency, or investment product. Neither the information, nor any opinion contained herein constitutes a solicitation or offer by the creators or participants to buy or sell any securities or other financial instruments or provide any investment advice or service.