info@blaize.tech, +38 095 53 72 031

Kyiv, Ukraine: 26 Metalistiv St

Dnipro, Ukraine: 20 Sichovykh Striltsiv St

SMART CONTRACT SECURITY AUDIT FOR TITLE DEEDS CEX BY VIEWPOINT LABS

1 week


Viewpoint Labs specializes in consumer products with a focus on web3 and entertainment. They build applications with an outstanding user experience, simplifying mass adoption of new technologies for 200+ million users worldwide.

This case covers the smart contract security audit of the Title Deeds CEX protocol, which was powered by the Viewpoint Labs team. This is the second audit of this protocol; the first was an audit of the core contract, TitleDeeds.sol.

ABOUT THE PROJECT 

Our task was to find and describe security issues in the smart contracts of the platform. Blaize Security reviewed the whole set of contracts within the scope provided by the Viewpoint Labs team. The protocol allows users to redeem their Title Deeds NFTs in the Ethereum network and receive Parcel and Blueprint NFTs in the BNB Chain network.

[Figure: Title Deeds CEX Protocol Flow]

The protocol also contains custom ERC721 and ERC1155 implementations, which extend basic NFT functionality with role management, minting, royalty, metadata update notifications, and batch retrieval of information about NFTs. The Blaize Security team also reviewed all of these implementations.

MAIN REQUIREMENTS

We were assigned to detect and describe security issues in the smart contract set of the Title Deeds CEX protocol.

We needed to check the smart contracts against the following criteria:

  • Whether the contract is secure;
  • Whether the contract corresponds to the documentation;
  • Whether the contract meets best practices in terms of the efficient use of gas and code readability.

We have scanned this smart contract for commonly known and more specific vulnerabilities:

  • Unsafe type inference; 
  • Timestamp Dependence; 
  • Reentrancy; 
  • Implicit visibility level; 
  • Gas Limit and Loops; 
  • Transaction-Ordering Dependence; 
  • Unchecked external call – Unchecked math;
  • DoS with Block Gas Limit; 
  • DoS with (unexpected) Throw; 
  • Byte array vulnerabilities; 
  • Malicious libraries; 
  • Style guide violation; 
  • ERC20 API violation; 
  • Uninitialized state/storage/local variables; 
  • Compile version not fixed.

In addition, Title Deeds CEX protocol was checked against less common vulnerabilities from the internal Blaize.Security knowledge base.

SMART CONTRACT SECURITY AUDIT PROCEDURE

Blaize.Security has an established security audit procedure. It includes the following steps: 

  1. Manual code review;
  2. Static analysis by automated tools;
  3. Business logic review;
  4. Unit test coverage check;
  5. Extensive integration testing;
  6. Fuzzy and exploratory testing;
  7. Providing a detailed report of detected issues;
  8. Verification of fixes;
  9. Final audit report preparation & publishing.


AUTOMATED TOOLS ANALYSIS 

The team checked the contract with several publicly available automated analysis tools, such as Mythril, Solhint, Slither, and Smartdec. We also manually verified all the issues detected by the automated tools.

MANUAL CODE REVIEW 

During the manual audit, the Blaize Security team analyzed the contracts against the list of common vulnerabilities and internal checklists, checked their conformance to Solidity best practices (including code style and gas optimization), and validated that the business logic of the protocol corresponds to the described one.

UNIT TEST COVERAGE

The scope of the audit includes the unit test coverage, which is based on the smart contract code, documentation, and requirements presented by the Viewpoint Labs team. Coverage is calculated from the set of Hardhat framework tests and scripts from additional testing strategies. However, to ensure the security of the contract, the Blaize.Security team recommends that the Viewpoint Labs team implement a bug bounty program to encourage further and active analysis of the smart contracts.

SECURITY ANALYSIS REPORT

In the end, we provided the Viewpoint Labs team with a smart contract security analysis report. The document contains all detected risks and possible mitigations for them, details of the issues and vulnerabilities, and recommendations for fixing them.


AUDIT RESULT

The Blaize.Security team found one medium-risk, one low-risk, and a few lowest-severity issues during the audit, and the Viewpoint Labs team successfully fixed all of them.

The overall security of the smart contracts is high enough. The contracts are well-written and tested: the Viewpoint Labs team prepared solid unit test coverage. Nevertheless, the Blaize Security team prepared its own tests, including additional scenarios to validate the exchange process.

Thus, according to the rules listed above, the level of overall Title Deeds CEX protocol security can be evaluated as Highly Secure, 9.7 out of 10.

The audit document, with the full list of identified vulnerabilities and recommendations for fixing them, can be found below:

ViewPoint-audit-report

Service

  • Security audit

Blockchain

  • BNB Chain
  • Ethereum

Project stage

Security audit
