Blaize
Contact us
  • Home
  • Services
    • Back
    • Blockchain ecosystems
    • Decentralized application
    • Smart contracts
    • Developer tools
    • Enterprise solutions
    • Blockchain integration
    • Smart Contract Audit
  • Solutions
    • Back
    • For startups
    • For enterprises
  • Team
  • Cases
  • Blog
  • Careers
  • fb
  • LinkedIn
  • Twitter
info@blaize.tech +38 095 53 72 031

Kyiv, Ukraine

26 Metalistiv St

Dnipro, Ukraine 20

Sichovykh Striltsiv St

SMART CONTRACT SECURITY AUDIT FOR NEMUS

2 weeks

Share:

Share on FacebookShare on TwitterShare on TelegramShare on WhatsApp

Nemus acquires at-risk land in the rainforest of the Amazon and creates a series of collectible NFTs on the Ethereum network, each tied to unique geolocation within the land. A portion of sales from NFTs pays for operations and the purchase of the land, while the remaining proceeds are stored in the Nemus Treasury. With the help of the Nemus DAO, the Treasury then funds economic and social activity on the land.

ABOUT THE PROJECT 

In this project, we consider the security of the contracts for the Nemus protocol. Our task was to find and describe security issues in the Nemus set of contracts: AbstractMintVoucherFactory and NeaMintTicketFactory. The scope of the audit included the unit test coverage that is based on the smart contracts code, documentation, and requirements presented by the Nemus team. 

MAIN REQUIREMENTS

The Blaize team’s task was to check the contracts for these main requirements:

  • Whether the contract is secure; 
  • Whether the contract corresponds to the documentation; 
  • Whether the contract meets best practices in efficient use of gas, code readability.

That’s why we have scanned the Nemus smart contracts for commonly known and more specific vulnerabilities:

  • Unsafe type inference; 
  • Timestamp Dependance; 
  • Reentrancy; 
  • Implicit visibility level; 
  • Gas Limit and Loops; 
  • Transaction-Ordering Dependance; 
  • Unchecked external call – Unchecked math;
  • DoS with Block Gas Limit; 
  • DoS with (unexpected) Throw; 
  • Byte array vulnerabilities; 
  • Malicious libraries; 
  • Style guide violation; 
  • ERC-20 API violation; 
  • Uninitialized state/storage/
  • local variables; 
  • Compile version not fixed.

SMART CONTRACT SECURITY AUDIT PROCEDURE

Blaize.Security has a prescribed security audit procedure. It consists of the following steps: 

  1. Check for code consistency whether the contract corresponds to the documentation;
  2. Checks against the standard list of vulnerabilities we have mentioned above;
  3. Static analysis by automated tools;
  4. Manual code analysis and code quality review;
  5. Gas usage analysis;
  6. Unit tests coverage check;
  7. Creation of a custom set of unit-tests for the full coverage;
  8. Security analysis report delivery;
  9. Post-audit fixes review.

Check the second audit for PeakDeFi or read the case about 1inch Smart Contract Security Audit. 

AUTOMATED TOOLS ANALYSIS 

Nemus smart contracts automated analysis was provided with a scanning contract by several publicly available automated analysis tools such as Mythril, Solhint, Slither, and Smartdec. 

MANUAL CODE REVIEW 

For the Nemus audit, the Blaize team performed the manual analysis of smart contracts for security vulnerabilities. We also checked smart contract logic and compared it with the one described in the documentation. 

SECURITY ANALYSIS REPORT

At the end of every audit, the Blaize team provides a detailed smart contracts security analysis report. For Nemus, we also prepared the document with all detected risks and the possible variants of their mitigation, issues, vulnerabilities details, and recommendations for their improvements.   

GET TO KNOW MORE ABOUT OUR BLAIZE SECURITY SERVICES

AUDIT RESULT

After the security audit of the Nemus smart contracts, the Blaize team found several issues which did not allow correct NFT minting for most user’s scenarios. Also, several issues from the standard auditors list were found. For now, the team has fixed all these issues.



All other issues were connected to missed checks, which may block the contract, and code quality. Nevertheless, all security risk issues were fixed by the team.



The overall security of Nemus smart contracts can be evaluated as secure, it performs all desired actions and has solid functionality.

Regarding the audit, the security of Nemus set of contracts can be evaluated as Highly Secure, 9.75 out of 10.

Check the list of found vulnerabilities and recommendations about their improvements in this report:

Nemus-smart-contract-audit-3_compressed

Our cooperation with Nemus wasn’t finished after this audit. Blaize’s team recently provided a new audit of the Nemus NFT smart contracts. Read the report below:

Nemus_2_NFT_smart_contract_audit

Service

  • Security audits

Blockchain

  • Ethereum

Project stage

Report

Other cases

SMART CONTRACT SECURITY AUDIT FOR CRYPTO COLLECTIVE

Service

  • Security audits

Blockchain

  • Ethereum
1 day
Smart Contract Security Audit For PeakDeFi

Service

  • Security audits

Blockchain

  • Ethereum
2 weeks
SMART CONTRACT SECURITY AUDIT FOR CRYPTOBEAR WATCH CLUB

Service

  • Security audits

Blockchain

  • Ethereum
1 week
APP DEVELOPMENT FOR THE CRYPTO GAME
NOMO FANTASY BASKETBALL LEAGUE

Service

  • Blockchain based platforms
  • Crypto games
  • GameFi
  • Smart contracts
  • Staking platforms
  • Token emission and distribution

Blockchain

  • Polygon
3 months
SMART CONTRACT SECURITY AUDIT FOR 1INCH

Service

  • Security audits

Blockchain

  • Ethereum
2 weeks
DECENTRALIZED APP DEVELOPMENT FOR THE CRYPTO GAME

Service

  • Blockchain based platforms
  • Crypto games
  • Smart contracts
  • Staking platforms
  • Token emission and distribution

Blockchain

  • Ethereum
  • Polygon
6 months
SMART CONTRACT DEVELOPMENT FOR THE CONTENT DELIVERY PLATFORM

Service

  • Smart contracts

Blockchain

  • Ethereum
4 weeks
Smart contract based betting platform development for SocialBets

Service

  • Smart contracts

Blockchain

  • Ethereum
2 months
Blaize

Address

Kyiv, Ukraine26 Metalistiv St

Dnipro, Ukraine20 Sichovykh Striltsiv St

Contactкее

Tel.: +34 624 45 15 40 E-mail: info@blaize.tech

Follow

  • Facebook
  • Twitter
  • LinkedIn
  • twitter
  • facebook
  • linkedin

Subscribe news

    top blockchain developers
    GoodFirms Badge

    Copyright © Blaize - blockchain development company 2018-2022

    B2B inbound marketing with