Hacken Completes Two Successful Security Audits for Pendulum

Pendulum, published in Pendulum-Chain, Aug 23, 2023

Hacken recently undertook a rigorous security assessment of the Pendulum Chain. With their vast expertise in auditing over 1000 Web3 projects, Hacken’s team meticulously evaluated both Pendulum’s Solidity Wrapper Contracts and the Asset Chain Extension.

Trust Through Transparency

We are pleased to formally announce the successful completion of two audits conducted by Hacken. The Pendulum Solidity Wrapper Contracts garnered a score of 9.5/10, and the Pendulum Asset Chain Extensions were evaluated with a score of 9.6/10. These evaluations highlight our unwavering commitment to the highest standards of security and functionality. Detailed PDF reports can be accessed on the Hacken website here.

Pendulum Solidity Wrapper Contracts

Existing DeFi smart contracts are written in Solidity and expect to interact with other smart contracts that implement the ERC-20 interface. These smart contracts are not aware that the token data is stored in on-chain pallets. Because the wrapper contracts fulfil the expected interfaces, existing Solidity smart contracts can be deployed on the parachain without changing the smart contract implementation.

Findings:
Critical: 0
High: 0
Medium: 0
Low: 5

Total Score: 9.5/10

We’re pleased to report that no critical, high, or medium-risk vulnerabilities were identified. However, five low-risk findings were detected. Our team has taken these findings seriously and acted promptly to address and rectify them. It’s worth noting that low-risk findings often represent minor areas of improvement rather than significant threats. Read the full report here.

Pendulum Asset Chain Extension

On Pendulum, on-chain asset and price data is exposed to smart contracts by so-called chain extensions, which facilitate the interaction between the smart contract and the pallets. By using the chain extensions in combination with the Solidity Wrapper Contracts, existing Solidity smart contracts can interact with the on-chain asset and price data without any change to their implementation. This audit focused primarily on the orml-currencies-allowance-extension pallet and the runtime implementation of the ChainExtension that exposes the asset and price data.

Findings:
Critical: 0
High: 0
Medium: 1
Low: 1

Total Score: 9.6/10

The discovery of one medium-risk and one low-risk vulnerability, though minor, was met with immediate action from the Pendulum technical team, reinforcing our pledge to a secure user experience. Fixes for both bugs have now been made. Visit our GitHub repository for the technical breakdown of the Pendulum Asset Chain Extension. Read the full Hacken audit report here.

Summary

Ensuring a reliable and secure Web3 infrastructure is paramount for Pendulum, and comprehensive audits are essential to this process. Such infrastructure paves the way for Fintechs to confidently build dApps on the network, building the bridge between traditional finance and DeFi. We’re grateful to Hacken for their role in this process. Join us in the Pendulum socials and be part of the movement to swing fiat to DeFi!

About Hacken

Pioneers in Web3 security, safeguarding the future of decentralized projects with proactive protection against hacks. Powered by $HAI.


About Pendulum

Building the missing link between fiat and DeFi through a fiat-optimized smart contract blockchain based on Polkadot’s Substrate. Allowing traditional finance fiat services to integrate with DeFi applications such as specialized forex AMMs, lending protocols, or yield farming opportunities. Developed by SatoshiPay.

Keep your eyes on the Pendulum!
