Blaize
Contact us
  • Home
  • Services
    • Back
    • Blockchain ecosystems
    • Decentralized application
    • Smart contracts
    • Developer tools
    • Enterprise solutions
    • Blockchain integration
    • NFT Development Services
    • NFT Marketplace Development
    • GameFi Development
    • Token Development Services
  • Blaize.Security
  • Solutions
    • Back
    • Blockchain Consulting Services
    • For enterprises
  • Team
  • Cases
  • Blog
  • Careers
  • Vacancies
  • fb
  • LinkedIn
  • Twitter
info@blaize.tech +38 095 53 72 031

Kyiv, Ukraine

26 Metalistiv St

Dnipro, Ukraine 20

Sichovykh Striltsiv St

SMART CONTRACT SECURITY AUDIT FOR AURORA

1 month

Share:

Share on FacebookShare on TwitterShare on TelegramShare on WhatsApp

Aurora is an EVM on the NEAR Protocol blockchain that delivers a turn-key solution for developers to operate their apps on an Ethereum-compatible platform. It was presented in May 2018 as the answer to the challenges related to scaling, speed, and security faced by this blockchain generation.

Aurora is currently the most advanced solution on the market and will probably remain such for a significant time. With Aurora, Ethereum users can work with familiar applications while benefiting from the efficiency of NEAR, removing significant financial barriers for users and developers.

ABOUT THE PROJECT 

The Blaize team has conducted the security audit for the Aurora set of smart contracts, including Treasury.sol, AdminControlled.sol, and JetStakingV1.sol. You can see how these smart contracts work on the graph below.

AURORA Staking – user flow
AURORA Staking – user flow

As you can see, users can stake their AURORA tokens and earn multiple rewards. These rewards are divided into streams, each with its own reward token. 

Users, who have staked AURORA, start to earn rewards from these streams and can claim pending rewards at any time. However, they need to wait before withdrawing rewards to their wallets.

Users can withdraw rewards in AURORA tokens from a special stream when they unstake their deposited tokens. 

MAIN REQUIREMENTS

We were assigned to detect and describe security issues in the Aurora EVM smart contract set.

We needed to check the smart contracts with the following parameters:

  • Whether the contract is secure; 
  • Whether the contract corresponds to the documentation; 
  • Whether the contract meets best practices regarding the efficient use of gas and code readability.

During the audit, we checked the code against the standard set of vulnerabilities like reentrancy, gas limits, loops, unsafe external calls, correct storage initialization and usage, timestamp dependencies, etc. 

Furthermore, the auditors’ team fully investigates the smart contracts’ business logic and security checks against the loopholes and vulnerabilities from the Blaize.Security knowledge base:

  • Access control checks: correct roles assignment, privilege roles abilities, correct identification of public functions for regular users;
  • Funds flow: correspondence of withdrawing to deposit, correct approves and token transfers logic, double spending absence, correct operations with different assets and correct conversion between the assets, no funds blocked and locked forever;
  • Math and calculations: dust attacks, correct math operations, extra-tokens attacks, muldiv patterns, and correct accuracy;
  • Correct initialization parameters;
  • Correct fungible tokens usage, absence of fake tokens attacks, and safe ERC20 usage.
  • Time dependency, the correct sequence of method calls, absence of deadlocks.

SECURITY AUDIT PROCEDURE FOR AURORA SMART CONTRACT

Blaize.Security has an established security audit procedure. It includes the following steps: 

  1. Check for code consistency and whether the contract corresponds to the documentation;
  2. Checks against the standard list of vulnerabilities we have mentioned above;
  3. Static analysis by automated tools;
  4. Manual code analysis and code quality review;
  5. Business logic review and protocol scheme preparation
  6. Gas usage analysis;
  7. Unit tests coverage check;
  8. Creation of the custom set of unit tests for full coverage;
  9. Exploratory testing and additional scenarios for use-cases coverage;
  10. Security analysis report;
  11. Post-audit fixes review.

See another smart contract audit case here: Smart Contract Security Audit for Crypto Collective. 

AUTOMATED TOOLS ANALYSIS 

The team has checked the contract with the help of several publicly available automated analysis tools, such as Mythril, Solhint, Slither, and Smartdec. Also, we have done manual verification of all the issues detected by automated tools.

MANUAL CODE REVIEW 

Manual testing is necessary to analyze all the previously found vulnerabilities and check the operational work of smart contracts in general. In addition, manual code review includes checking smart contract logic and comparing it with the one described in the documentation.

SECURITY ANALYSIS REPORT

In the end, we have provided a smart contract security analysis report for Aurora. The document contains all detected risks and the possible variants of its mitigations, issues, vulnerabilities details, and recommendations for their improvements.   

NEED A SMART CONTRACT AUDIT TOO? CHECK ALL BLAIZE SECURITY SERVICES. 

AUDIT RESULT

Aurora’s smart contracts have no critical security problems in line with the assessment. The code is high-quality, well-documented, and has good native test coverage. All unclear or suspicious functionality was verified with the Aurora team and fully covered with additional tests.  Additionally, the Aurora team successfully resolved all found issues connected to the problems with funds flow and incorrect rewards schedules.

Thus, according to the above rules, we consider the overall Aurora smart contract security level as Highly Secure, 9.9 out of 10.

The audit document with the full list of identified vulnerabilities and recommendations for their improvements can be found below:

Aurora-smart-contract-audit_compressed

Service

  • Security audit

Blockchain

  • Aurora

Project stage

Security audit

Other cases

STAKING SYSTEM DEVELOPMENT FOR THE DEFI SECURITY PLATFORM HACKLESS

Service

  • Blockchain based platforms
  • DeFi applications
  • Smart contracts
  • Token emission and distribution

Blockchain

  • BNB Chain
4 weeks
SMART CONTRACT SECURITY AUDIT FOR TITLE DEEDS CEX BY VIEWPOINT LABS

Service

  • Security audit

Blockchain

  • BNB Chain
  • Ethereum
1 week
MONEY MARKET PROTOCOL DEVELOPMENT FOR OMOMO

Service

  • Blockchain based platforms
  • Smart contracts
  • Token emission and distribution

Blockchain

  • NEAR
9 months
SMART CONTRACT SECURITY AUDIT FOR BLUELIGHT – Kale Bridge

Service

  • Security audit

Blockchain

  • BNB Chain
  • Ethereum
3 weeks
DECENTRALIZED APP DEVELOPMENT FOR THE CRYPTO GAME

Service

  • Blockchain based platforms
  • Crypto games
  • Smart contracts
  • Staking platforms
  • Token emission and distribution

Blockchain

  • Ethereum
  • Polygon
6 months
SMART CONTRACT SECURITY AUDIT FOR TOKENDEAL – Protocol For NFT Sales

Service

  • Security audit

Blockchain

  • Ethereum
1 day
SMART CONTRACT DEVELOPMENT FOR THE CONTENT DELIVERY PLATFORM

Service

  • Smart contracts

Blockchain

  • Ethereum
4 weeks
SMART CONTRACT SECURITY AUDIT FOR EVERSTAKE

Service

  • Security audit

Blockchain

  • Ethereum
2 weeks
Blaize

Address

Kyiv, Ukraine
26 Metalistiv St
Dnipro, Ukraine
20 Sichovykh Striltsiv St

Contact us

  • Tel.: +34 624 45 15 40
  • E-mail: info@blaize.tech

Menu

  • Home
  • Cases
  • Blog
  • Careers

Socials

  • Facebook
  • Twitter
  • LinkedIn
  • twitter
  • facebook
  • linkedin

Services

  • Blockchain ecosystems
  • Decentralized application
  • Smart contracts
  • Developer tools
  • Enterprise solutions
  • Blockchain integration
  • Smart contract audit
  • NFT development services
  • NFT marketplace
  • GameFi development
  • Token development
  • Blaize.Security

Solutions

  • For Startaps
  • For Enterprises

Subscribe news







    Popular Topics

    • 6 platforms for dApp development in 2023
    • How to do a smart contract audit
    • Tokenomics for crypto games
    • Smart contracts vulnerabilities
    • Launch an ICO, STO, and IEO in 2023
    • Create a stablecoin on Ethereum
    • Top 7 DeFi exploits&hacks in 2022
    top blockchain developers
    top blockchain developers
    techreviewer
    GoodFirms Badge
    defisec

    Copyright © Blaize - blockchain development company 2018-2023

    B2B inbound marketing with