While preparing to launch its live network at the end of June, SONM ordered security audits from two independent firms, Hacken.io and SmartDec. The audit was focused on smart contracts, with the goal being to find any security vulnerabilities that would put a user’s funds at risk. We would like to share an overview of the results with you, as well as full reports.
The preliminary results of the audit were received and reviewed before the launch of SONM Livenet, and now we are sharing the official documents with you.
Hacken.io
General audit resolution: According to the assessment, the customer`s smart contracts are well secured and have only few low security issues that do not have a significant impact on security overall.
No issues of “critical,” “high” or “medium” risk level found.
Issues of “low” and “very low” risk level found. These do not affect quality or security and relate to general best practices.
SmartDec
General audit resolution: The contract code is of good code quality and does not contain issues that endanger project security.
No critical issues found.
Medium-risk issues found:
- “Gas limit and loops.” The issue relates to an auxiliary smart contract unrelated to the operation of the network. An issue may arise if the number of maintenance operations with multisig contracts reaches a very high number, and contract execution will be terminated. However, this is very unlikely.
- “Locked tokens.” The issue describes a situation: if an individual sends tokens to one of the SONM smart contracts with a custom-crafted transaction (not as part of the system functions) this person will lose these tokens. In practice, a situation in which a person manually sends tokens to a smart contract (which is not intended to receive tokens this way) cannot happen unless they intentionally experiment and send their token to an address that is not publicly known.
- “Missing checks.” This issue describes general good best practices and does not actually pose any security risks.
Recommendations
The audit firms made a number of valid and fair recommendations, which will be considered while preparing updated versions of the smart contracts.
SONM on social media:
Web: sonm.com
GitHub: https://github.com/sonm-io
Reddit: https://www.reddit.com/r/SONM/
Twitter: @sonmdevelopment
Facebook: Facebook.com/SONMproject
QQ: 638465027
Tech support: @SONMbetatest
Originally published at sonm.com on August 31, 2018.
