PeakDeFi: Case Study For Smart Contract Security Audit
PeakDeFi is a decentralized asset management protocol. The main technology is concentrated on smart contracts that manage and redistribute users’ profit automatically and trustlessly.
About the project
Blaize was contacted to perform a smart contract security analysis of two PeakDeFi contracts. The first contract enables the deposit and withdrawal functions. This is one of the core contracts of the protocol, so our main goal was to ensure the highest level of security. The second contract manages the factory for new funds and also needs to be secured in the best way.
Blaize’s main task was to find and describe security issues in the smart contracts of the protocol.
Every contract is subject to manual and automated code review. Nevertheless, the types of vulnerabilities and the scope may vary depending on such characteristics as programming language, project scope, contract consistency, and overall contract utility within the protocol.
Thus, for the security analysis of the PeakDeFi contracts, we chose the following set of vulnerabilities to be considered:
● Unsafe type inference;
● Timestamp Dependence;
● Implicit visibility level;
● Gas Limit and Loops;
● Transaction-Ordering Dependence;
● Unchecked external call – Unchecked math;
● DoS with Block Gas Limit;
● DoS with (unexpected) Throw;
● Byte array vulnerabilities;
● Malicious libraries;
● Style guide violation;
● ERC20 API violation;
● Uninitialized state/storage/local variables;
● Compile version not fixed.
SMART CONTRACT SECURITY AUDIT PROCEDURE
Blaize.Security has an established security audit procedure. It includes the following steps:
- Check for code consistency: whether the contract corresponds to the documentation;
- Checks against the standard list of vulnerabilities mentioned above;
- Static analysis by automated tools;
- Manual code analysis and code quality review;
- Gas usage analysis;
- Unit tests coverage check;
- Security analysis report delivery;
- Post-audit fixes review.
The code review for PeakDeFi found no critical issues. Yet, the contracts had a few issues regarding code consistency and did not follow the best coding practices in some aspects. The report was delivered to the team for further rework and code improvements.
See the full list of weak points found and the recommendations for improving them in this document: PeakDeFi_Smart_Contract_Audit_1
After receiving the review and comments, the PeakDeFi dev team implemented all the needed improvements and fixed the majority of issues regarding code consistency.
In the end, the overall security of the PeakDeFi contracts can be evaluated as 98% out of 100%, so they can be perceived as reliable and safe for usage.
Blaize’s team of auditors continues to cooperate with PeakDeFi and guard the security of the protocol. See the PeakDeFi Launchpad smart contract audit transcript below: PeakDeFi_Launchpad_smart_contract_audit