SMART CONTRACT SECURITY AUDIT FOR LOCKON FINANCE
Lockon Finance is an innovative platform that bridges the gap between traditional finance and the fast-evolving world of DeFi projects. Lockon Finance Protocol offers a dynamic set of smart contracts, including token swapping capabilities through the integration of the 0x protocol, aimed at optimizing transaction processes in the blockchain network.
ABOUT THE PROJECT
During the audit, we meticulously examined the security of smart contracts for the Lockon Finance protocol. Our primary objective was to detect and elaborate on any security vulnerabilities in the platform’s smart contracts. The scope of the audit included all updates which the Lockon team developed around the Set Protocol core functionality.
The Lockon Finance smart contracts have been designed to incorporate sophisticated functionalities, including token swaps, asset management, and security features. One of the notable additions is the ExchangeIssuanceZeroEx contract, which focuses on swaps between tokens and setToken using the 0x protocol. The contracts allow for seamless interaction and secure transactions within the Lockon Finance ecosystem.
THE PART OF THE LOCKON FINANCE SMART CONTRACTS WE AUDITED
We were mandated to identify and describe any security issues within the set of smart contracts of the Lockon Finance protocol. The scope of the audit entailed examining the following parameters:
- The security of the contracts;
- The conformity of the contract to its documentation;
- Best practices in terms of gas efficiency and code readability.
We have rigorously scanned the smart contracts for widely known and more specific vulnerabilities, including:
- Unsafe type inference;
- Timestamp dependence;
- Implicit visibility level;
- Gas limit and loops;
- Transaction-ordering dependence;
- Unchecked external call;
- Unchecked math;
- DoS with block gas limit;
- DoS with (unexpected) throw;
- Byte array vulnerabilities;
- Malicious libraries;
- Style guide violation;
- ERC20 API violation;
- Uninitialized state/storage/local variables.
Furthermore, the Lockon Finance protocol was also checked against less common vulnerabilities from Blaize.Security’s internal knowledge base.
SMART CONTRACT SECURITY AUDIT PROCEDURE
Blaize.Security employed a comprehensive security audit procedure, which included the following steps:
- Manual code review;
- Static analysis using automated tools;
- Business logic review;
- Unit test coverage evaluation;
- Thorough integration testing;
- Manual and exploratory testing;
- Compilation of a detailed report on detected issues;
- Verification of solutions;
- Preparation and publishing of the final audit report.
AUTOMATED TOOLS ANALYSIS
Our team rigorously analyzed the contracts utilizing several publicly accessible automated analysis tools such as Mythril, Solhint, Slither, and SmartDec. Additionally, we manually verified all the issues identified by these automated tools.
MANUAL CODE REVIEW
We performed an in-depth manual analysis of the smart contracts to identify security vulnerabilities. This involved examining and comparing the smart contract logic with the documentation provided.
UNIT TEST COVERAGE
The audit scope encompassed unit test coverage based on the smart contract code, documentation, and requirements presented by the Lockon Finance team. Testing was applied to the part of the code that the Lockon team built upon the Set Protocol.
However, to bolster the security of the contracts, the Blaize.Security team recommended the Lockon Finance team launch a bug bounty program for further extensive analysis of the smart contracts, especially for the core protocol inherited from the Set Protocol.
SECURITY ANALYSIS REPORT
Upon completion, we furnished the Lockon Finance team with a comprehensive smart contract security analysis report. This document encompassed all identified risks, potential mitigations, detailed vulnerability assessments, and improvement recommendations.
No critical issues were found. A medium-risk issue related to token swaps in a loop was identified. The Lockon Finance team promptly addressed this issue along with others. The overall security is of a high standard, with well-structured and readable contract code. Hence, based on the criteria above, the overall security level of the Lockon Finance protocol can be rated as Highly Secure, 9.6 out of 10. The Lockon Finance team was proactive in verifying and fixing all the issues found, which is indicative of a strong commitment to security.
The Lockon Finance contracts are well-written, with adequate NatSpec comments to enhance code clarity. The team also provided a set of high-quality unit tests covering every contract aspect. To ensure a more robust security assessment, the Blaize.Security team conducted its own set of unit tests, focusing on changes made to the Set Protocol contracts and new contract functionalities, especially the integration with the 0x protocol.