Nolus Audits Report

As the world of cryptocurrencies continues to evolve, security remains a top priority for anyone involved in the industry. With the value of digital assets increasing rapidly, the stakes are high for investors, traders, and developers alike. That’s why a security audit is crucial for any cryptocurrency protocol, as it can help identify potential vulnerabilities and prevent potential hacks or exploits.

Nolus · May 11, 2023

Nolus has undergone two comprehensive security audits, and we’re excited to share the results with our community. In this article, we’ll dive into the audit details and discuss the changes we’ve made to our code as a result. Our goal is to provide transparency and assurance to our users that we take their security seriously and are committed to improving our protocol’s resilience to potential threats. So without further ado, let’s take a closer look at our security audit and the improvements we’ve implemented.

Oak Security, a leading provider of blockchain security audits, has recently published two reports for both the blockchain and the smart contract protocol. In each report, the findings were classified and ranked according to their severity — from critical to informational.

In the first report, which focused on the base layer protocol (Nolus chain code), there were no critical findings. However, the audit did reveal an issue in the implemented custom tax module. The original idea behind the module was to process an arbitrary range of provided fees, including not only $NLS tokens but many other tokens as well. This presented a problem, as the nodes running the code would have difficulty processing such a long list of fees, potentially causing block production to stop. To address this issue, we restricted the fee coins to only $NLS tokens and applied the tax only to those tokens. Additionally, minor warnings were identified regarding validation rules on some minter parameters related to the module that is responsible for the distribution rate of the staking rewards, which were promptly resolved.

The informational findings in the first audit were related to inconsistent naming conventions of variables, packages, and unnecessary code. These issues can make it difficult for developers to understand the code and navigate through it, leading to potential errors and bugs in the protocol. Unnecessary code can also lead to increased complexity, which in turn can make the code more difficult to maintain and understand. Moreover, inconsistent naming conventions and unnecessary code can potentially introduce vulnerabilities that could be exploited by attackers. If the code is difficult to understand, it becomes more challenging to identify and fix such vulnerabilities, which could ultimately compromise the protocol’s security.

Therefore, adhering to consistent naming conventions and keeping the codebase lean and optimized is crucial for ensuring the security and efficiency of cryptocurrency protocols. All of these issues were resolved, demonstrating our commitment to improving the protocol’s efficiency and usability.

The second report focused on the money market audit and revealed several critical findings, most of which were addressed by the underlying blockchain. Our semi-permissioned blockchain prohibits the deployment of custom contracts without a governance proposal, thus minimizing the potential for malicious actors to exploit the system.

One of the critical findings in the money market audit was related to the price-feeding mechanism. To optimize for additional security, we introduced a variant of the Exponential Moving Average algorithm. This approach takes several observed prices in a given period, applies weights, and returns a price, thereby increasing the security of the price feeds. A secure price feed is essential in a money market because it ensures that users receive accurate pricing information and liquidation prices, avoiding potential losses for both borrowers and lenders.
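To illustrate the idea of weighting several observed prices within a period, here is an added example that is not Nolus code and does not reproduce the variant the protocol uses, which this article does not specify. The `Observation` type, the smoothing factor `alpha_num / alpha_den`, the `min_samples` threshold and the sample data are all assumptions made for the illustration.

```rust
/// One price report from a feeder (hypothetical type, not from the Nolus code base).
#[derive(Clone, Copy)]
pub struct Observation {
    pub time: u64,   // seconds
    pub price: u128, // quote units per base unit, scaled by 1_000_000
}

/// EMA over the observations inside the last `period` seconds.
/// alpha = alpha_num / alpha_den is the weight given to each newer sample.
/// Returns None when fewer than `min_samples` fresh reports exist, so a
/// consumer is never served a price built from a single (possibly bad) report.
pub fn ema_price(obs: &[Observation], now: u64, period: u64, min_samples: usize,
                 alpha_num: u128, alpha_den: u128) -> Option<u128> {
    if alpha_den == 0 || alpha_num == 0 || alpha_num > alpha_den {
        return None;
    }
    let oldest = now.saturating_sub(period);
    let mut fresh: Vec<Observation> = obs.iter().copied()
        .filter(|o| o.time >= oldest && o.time <= now).collect();
    if fresh.len() < min_samples.max(1) {
        return None;
    }
    fresh.sort_by_key(|o| o.time); // oldest first, newest applied last
    let mut ema = fresh[0].price;
    for o in &fresh[1..] {
        // Integer form of ema = alpha * price + (1 - alpha) * ema,
        // with checked arithmetic so an overflow yields None, not a wrapped price.
        let weighted = alpha_num.checked_mul(o.price)?
            .checked_add((alpha_den - alpha_num).checked_mul(ema)?)?;
        ema = weighted / alpha_den;
    }
    Some(ema)
}

/// Constructed sample: four consistent reports, then one outlier at twice the price.
pub fn sample() -> Vec<Observation> {
    let mut v: Vec<Observation> =
        (0..4).map(|i| Observation { time: 100 + i * 10, price: 1_000_000 }).collect();
    v.push(Observation { time: 140, price: 2_000_000 });
    v
}

fn main() {
    // The last report alone says 2_000_000; the weighted price moves far less.
    println!("EMA price: {:?}", ema_price(&sample(), 150, 60, 3, 1, 4));
}
```

With alpha = 1/4 the single outlier moves the returned price by a quarter of its deviation, and a window that contains too few fresh reports yields no price at all.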

Another critical finding was related to updating the parameters, which can now only be modified via a governance proposal. One of the main benefits of requiring governance proposals to update parameters is adding an additional layer of security and decentralization to the system. This mechanism ensures that proposed changes are carefully considered and approved by a majority of stakeholders rather than being implemented unilaterally by a single party or group. Finally, the audit identified some typical misspellings and other issues related to price-feeding optimizations and validations, which were promptly resolved.

Overall, the security audit was a valuable exercise that helped us identify and address potential vulnerabilities in our protocol. By implementing the necessary changes, we are confident that our users’ assets are better protected, and we remain committed to maintaining the highest security standards in the cryptocurrency industry. We would like to thank Oak Security for their fantastic work and guidance throughout this time, providing necessary security tweaks in the run-up to the Mainnet launch.
