Pendle
Published in Pendle

Security Update

Security is a crucial aspect for us and as such, our contracts have undergone numerous audits. We’d like to take the chance now to share these audits with everyone.

We’ve received 3 audit reports and have fixed the issues found. The reports are available here. We’ll outline the issues found here:

We engaged Least Authority to audit an initial version of our contracts. Least Authority identified 5 issues, along with the likelihood of each occurring and remediation suggestions. Here are the issues found:

Least Authority has also provided 8 suggestions to improve the contracts. In summary, Least Authority recommended reducing the complexity of our smart contracts and, given the high complexity, conducting additional audits by independent teams.

After the initial version was audited by Least Authority, we refactored the code to make it more straightforward and secure. Beyond the engagement with Least Authority, we have also engaged 4 independent whitehats to further audit our contracts.

Here’s the summary of the public reports by 2 of the whitehats. For the following reports, severity was included. The issues found were all resolved.

The first report identified 1 critical severity issue, 3 medium severity issues, and 3 low severity issues. Refer to the table below for more information:

The second report identified 1 medium severity issue and 7 low severity issues. These are summed up in the table below:

The report also included some recommendations, mostly on removing redundant lines and considerations to improve code quality and gas consumption. We have reviewed these recommendations, following some and acknowledging the others.

Summary

There were a number of issues and suggestions brought up during our audits. These were all addressed and fixed by our dev team. The reports have been published and linked above; do check them out if you’re interested in reading more.

Security is very important to us and we’ll continue to engage auditors to ensure that contracts are up to standard. Moving forward, we will also introduce bug bounties to activate the community for contract reviews. More details to be released soon.

Join our Discord server and follow us on Twitter and Telegram to stay updated.
