Blaize
Contact us
  • Home
  • Services
    • Back
    • Blockchain ecosystems
    • Decentralized application
    • Smart contracts
    • Developer tools
    • Enterprise solutions
    • Blockchain integration
    • NFT Development Services
    • NFT Marketplace Development
    • GameFi Development
    • Token Development Services
  • Blaize.Security
  • Solutions
    • Back
    • Blockchain Consulting Services
    • For enterprises
  • Team
  • Cases
  • Blog
  • Careers
  • fb
  • LinkedIn
  • Twitter
info@blaize.tech +38 095 53 72 031

Kyiv, Ukraine

26 Metalistiv St

Dnipro, Ukraine 20

Sichovykh Striltsiv St

SMART CONTRACT SECURITY AUDIT FOR NEMUS

2 weeks

Share:

Share on FacebookShare on TwitterShare on TelegramShare on WhatsApp

Nemus acquires at-risk land in the rainforest of the Amazon and creates a series of collectible NFTs on the Ethereum network, each tied to unique geolocation within the land. A portion of sales from NFTs pays for operations and the purchase of the land, while the remaining proceeds are stored in the Nemus Treasury. With the help of the Nemus DAO, the Treasury then funds economic and social activity on the land.

ABOUT THE PROJECT 

In this project, we consider the security of the contracts for the Nemus protocol. Our task was to find and describe security issues in the Nemus set of contracts: AbstractMintVoucherFactory and NeaMintTicketFactory. The scope of the audit included the unit test coverage that is based on the smart contracts code, documentation, and requirements presented by the Nemus team. 

MAIN REQUIREMENTS

The Blaize team’s task was to check the contracts for these main requirements:

  • Whether the contract is secure; 
  • Whether the contract corresponds to the documentation; 
  • Whether the contract meets best practices in efficient use of gas, code readability.

That’s why we have scanned the Nemus smart contracts for commonly known and more specific vulnerabilities:

  • Unsafe type inference; 
  • Timestamp Dependance; 
  • Reentrancy; 
  • Implicit visibility level; 
  • Gas Limit and Loops; 
  • Transaction-Ordering Dependance; 
  • Unchecked external call – Unchecked math;
  • DoS with Block Gas Limit; 
  • DoS with (unexpected) Throw; 
  • Byte array vulnerabilities; 
  • Malicious libraries; 
  • Style guide violation; 
  • ERC-20 API violation; 
  • Uninitialized state/storage/
  • local variables; 
  • Compile version not fixed.

SMART CONTRACT SECURITY AUDIT PROCEDURE

Blaize.Security has a prescribed security audit procedure. It consists of the following steps: 

  1. Check for code consistency whether the contract corresponds to the documentation;
  2. Checks against the standard list of vulnerabilities we have mentioned above;
  3. Static analysis by automated tools;
  4. Manual code analysis and code quality review;
  5. Gas usage analysis;
  6. Unit tests coverage check;
  7. Creation of a custom set of unit-tests for the full coverage;
  8. Security analysis report delivery;
  9. Post-audit fixes review.

Check the second audit for PeakDeFi or read the case about 1inch Smart Contract Security Audit. 

AUTOMATED TOOLS ANALYSIS 

Nemus smart contracts automated analysis was provided with a scanning contract by several publicly available automated analysis tools such as Mythril, Solhint, Slither, and Smartdec. 

MANUAL CODE REVIEW 

For the Nemus audit, the Blaize team performed the manual analysis of smart contracts for security vulnerabilities. We also checked smart contract logic and compared it with the one described in the documentation. 

SECURITY ANALYSIS REPORT

At the end of every audit, the Blaize team provides a detailed smart contracts security analysis report. For Nemus, we also prepared the document with all detected risks and the possible variants of their mitigation, issues, vulnerabilities details, and recommendations for their improvements.   

GET TO KNOW MORE ABOUT OUR BLAIZE SECURITY SERVICES

AUDIT RESULT

After the security audit of the Nemus smart contracts, the Blaize team found several issues which did not allow correct NFT minting for most user’s scenarios. Also, several issues from the standard auditors list were found. For now, the team has fixed all these issues.



All other issues were connected to missed checks, which may block the contract, and code quality. Nevertheless, all security risk issues were fixed by the team.



The overall security of Nemus smart contracts can be evaluated as secure, it performs all desired actions and has solid functionality.

Regarding the audit, the security of Nemus set of contracts can be evaluated as Highly Secure, 9.75 out of 10.

Check the list of found vulnerabilities and recommendations about their improvements in this report:

Nemus-smart-contract-audit-3_compressed

Our cooperation with Nemus wasn’t finished after this audit. Blaize’s team recently provided a new audit of the Nemus NFT smart contracts. Read the report below:

Nemus_2_NFT_smart_contract_audit

Service

  • Security audit

Blockchain

  • Ethereum

Project stage

Security audit

Other cases

NFT GAME DEVELOPMENT – FANTASY FOOTBALL LEAGUE

Service

  • Blockchain based platforms
  • Crypto games
  • NFT development
  • Smart contracts

Blockchain

  • Polygon
5 months
SMART CONTRACT DEVELOPMENT FOR THE CONTENT DELIVERY PLATFORM

Service

  • Smart contracts

Blockchain

  • Ethereum
4 weeks
SMART CONTRACT SECURITY AUDIT FOR RAINBOW BRIDGE BY AURORA

Service

  • Security audit

Blockchain

  • Ethereum
  • NEAR
7 weeks
SMART CONTRACT SECURITY AUDIT FOR 1INCH

Service

  • Security audit

Blockchain

  • Ethereum
2 weeks
SMART CONTRACT SECURITY AUDIT FOR AURORA

Service

  • Security audit

Blockchain

  • Aurora
1 month
MONEY MARKET PROTOCOL DEVELOPMENT FOR OMOMO

Service

  • Blockchain based platforms
  • Smart contracts
  • Token emission and distribution

Blockchain

  • NEAR
9 months
SMART CONTRACT SECURITY AUDIT FOR CUPCAKE – NFT APP

Service

  • Security audit

Blockchain

  • Ethereum
3 weeks
SOULBOUND TOKEN MVP DEVELOPMENT FOR PROJECT – SOUL SEARCH

Service

  • NFT development
  • Smart contracts
  • Token development

Blockchain

  • Polygon
3 weeks
Blaize

Address

Kyiv, Ukraine26 Metalistiv St
Dnipro, Ukraine20 Sichovykh Striltsiv St

Contact us

  • Tel.: +34 624 45 15 40
  • E-mail: info@blaize.tech

Menu

  • Home
  • Cases
  • Blog
  • Careers

Socials

  • Facebook
  • Twitter
  • LinkedIn
  • twitter
  • facebook
  • linkedin

Services

  • Blockchain ecosystems
  • Decentralized application
  • Smart contracts
  • Developer tools
  • Enterprise solutions
  • Blockchain integration
  • Smart contract audit
  • NFT development services
  • NFT marketplace
  • GameFi development
  • Token development
  • Blaize.Security

Solutions

  • For Startaps
  • For Enterprises

Subscribe news







    Popular Topics

    • 6 platforms for dApp development in 2023
    • How to do a smart contract audit
    • Tokenomics for crypto games
    • Smart contracts vulnerabilities
    • Launch an ICO, STO, and IEO in 2023
    • Create a stablecoin on Ethereum
    • Top 7 DeFi exploits&hacks in 2022
    top blockchain developers
    techreviewer
    GoodFirms Badge

    Copyright © Blaize - blockchain development company 2018-2023

    B2B inbound marketing with