xSigma Completes First Security Audit Ahead of Mainnet Launch

xSigma Lab
Feb 18 · 3 min read

Since our last update, the xSigma community has grown rapidly, as anticipation mounts ahead of our mainnet launch. The number of requests from private investors, institutions, and LPs, all of whom are interested in getting in on the ground floor, has taken us by surprise. Our team has been doing their utmost to honor these requests, while ensuring that all participants are able to claim their piece of the pie — not least the public, whose participation will be instrumental in ensuring xSigma’s success.

In other news, we’re pleased to report that Hacken has completed its audit of xSigma’s smart contracts. Auditing is the process by which external analysts scrutinize a project’s code to determine any potential vulnerabilities that could be exploited by hackers or result in loss of funds due to protocol failure.

Many projects do not complete this step until after they have launched and have millions of dollars of user funds passing through their smart contract. This results in serious systemic risk, which is why we were determined to have our code professionally audited prior to launch.

Hacken is a leading European security firm specializing in blockchain. Its client list includes some of the industry’s biggest blockchain companies such as VeChain, 1inch, gate.io, FTX, and Bithumb.

As a highly regarded blockchain security consultancy, Hacken’s word carries weight. Thus we were eagerly waiting, along with our community, to confirm that the xSigma contracts had received a clean bill of health.

Hacken concluded its report by assigning xSigma a “well-secured” score, having uncovered zero critical or severe issues. You can view the report in full here.

The “medium” issues cannot lead to loss of assets or data manipulation.

Of the minor issues that were identified in Hacken’s audit report, we’re happy to share further details and highlight our response:

1. SigMasterChef is a contract that is responsible for adding new pools. The problem pinpointed here is that the code doesn’t check whether the pool has already been added to the platform.

We made the deliberate decision not to add the checking function, since it may cause increased gas usage once many pools have been added. Moreover, adding new pools is only possible by DAO voting. SushiSwap, which currently holds over $1 billion worth of assets in the same smart contract and has been audited by Peckshield, uses the same approach. Their auditors noted that attempting to add the same pool may trigger undefined behavior. However, execution requires DAO voting, which will not happen unless the community votes for it.

2. The “cashback” smart contracts specified in the Hacken report are xSigma Corporation third-party contracts that hold xSigma Corporation’s own funds and have no connection to LPs’ or users’ funds. xSigma Corporation funds these contracts to reimburse gas and subsidize transactions. Using unsafe math operations minimizes gas usage and has no impact from a security standpoint.
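To illustrate the duplicate-pool finding in item 1, here is a minimal MasterChef-style pool registry showing the unguarded `add` beside a guarded one. This is an illustrative example added to this post, not xSigma’s SigMasterChef or SushiSwap’s code; the contract and function names are assumed. The guard is a mapping lookup, so its gas cost stays constant rather than growing with the number of pools.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Illustrative MasterChef-style registry (assumed names, not project code).
contract PoolRegistry {
    struct PoolInfo {
        IERC20 lpToken;     // staked LP token for this pool
        uint256 allocPoint; // share of reward emissions
    }

    PoolInfo[] public poolInfo;
    uint256 public totalAllocPoint;
    address public governance; // stands in for the DAO that may add pools

    // lpToken => already registered. One cold SLOAD per add, independent
    // of how many pools exist (a loop over poolInfo would not be).
    mapping(address => bool) public isPoolRegistered;

    constructor() { governance = msg.sender; }

    modifier onlyGovernance() {
        require(msg.sender == governance, "not governance");
        _;
    }

    // Unguarded variant, the pattern the audit flagged. If the same LP token
    // is added twice, both pools read the same lpToken.balanceOf(this) when
    // computing rewards, so one deposit is credited in two pools and the
    // reward accounting diverges from the real stake.
    function addUnchecked(uint256 allocPoint, IERC20 lpToken) external onlyGovernance {
        totalAllocPoint += allocPoint;
        poolInfo.push(PoolInfo({lpToken: lpToken, allocPoint: allocPoint}));
    }

    // Guarded variant: reverts on a repeated LP token.
    function add(uint256 allocPoint, IERC20 lpToken) external onlyGovernance {
        require(!isPoolRegistered[address(lpToken)], "pool already added");
        isPoolRegistered[address(lpToken)] = true;
        totalAllocPoint += allocPoint;
        poolInfo.push(PoolInfo({lpToken: lpToken, allocPoint: allocPoint}));
    }

    function poolLength() external view returns (uint256) {
        return poolInfo.length;
    }
}
```

Whether governance relies on the DAO vote alone or also on the on-chain guard, the guard is what makes a mistaken duplicate proposal fail safely at execution time instead of silently corrupting reward accounting.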

While we’re pleased to have passed Hacken’s rigorous audit with no critical issues identified, we will be undergoing at least two other audits by third-party security companies in Q2 2021. This will ensure that nothing slips under the radar, and will give our community even greater confidence that xSigma’s code has been checked by the best blockchain auditors.

Stay tuned!

xSigma Lab Team.

xSigma DeFi

Making the future of finance
