Security Status Report

Code Audit with Solidified

Robson Silva
Published in Pods, Oct 5, 2021

Where we are

We are heading to our formal launch in the upcoming weeks 🎉

Before that, we’d like to give you an update on where we stand regarding smart contract security.

In July, during our demo release on Polygon, we submitted our code for a final audit ahead of the formal launch. After the final report came back, we tested the updated contracts on the demo release, and this phase is now coming to an end.

You can check the initial economic results here, and in this post, we'll cover the audit report.

Security Overview

Security is one of our main values, and we are still learning how to balance moving fast with moving cautiously. Treating smart contract security as a set of layers is one of the ways we have found to achieve that.

I have covered how we approach security layers at Pods in this previous blog post (or in this EthCC talk) and I will do a quick recap here.

Security layers as an army

System security is like an army. You have different types of soldiers, each best suited to certain situations. Some are fast and cheap; others are slow, expensive, and usually reserved for the late game.

Below are some of the layers that we use at Pods:

  • Unit tests (>500)
  • Test coverage (>98%)
  • Integration tests
  • Fuzz testing
  • Clear documentation (both on the code and on our docs)
  • Economic simulations
  • Testnet public environment
  • Code Audits
  • Bug bounty program
  • Mainnet release with cap and admin powers

Solidified Final Audit Report

Solidified's product is a multi-layered audit in which three or more independent auditors each perform an isolated and unbiased 1:1 audit of your smart contracts. The final report lists all discovered vulnerabilities, along with suggested solutions approved by the consensus of auditors.

Summary of Findings

Solidified’s audit discovered a total of five reported bugs with impact. This includes 0 Critical, 0 High, 1 Warning, and 4 Minor vulnerabilities, as well as informational findings and suggestions. All identified issues were resolved except for the Warning. We decided to acknowledge the Warning because, to date, neither the Pods team nor Solidified has found a scenario in which it could be harmful to the system.

Read the Solidified final audit report here.

Summary

Since our final design of the system (November last year), our security efforts have resulted in the discovery of a number of bugs, including some critical- and medium-severity issues. The team has taken the appropriate actions to evaluate and mitigate these issues promptly, and we look forward to continuing to improve our security process and keeping up with the speed of DeFi development.

Next Steps

We are improving our skills in fuzz testing and formal verification. We'll schedule a formal verification of the contracts as soon as we reach a more stable version of the protocol.

About Pods

Pods is a decentralized non-custodial options protocol. Users can create options and trade them through an Options AMM on the Ethereum Blockchain. Pods is the easiest way to hedge crypto in DeFi.

We invite you to take the first step in your new mission: start testing the app on app.pods.finance.

Join the Pods community

app | website | documentation | blog | twitter | youtube | telegram | discord
