Services

Smart Contract Audit

Analyze a decentralized application's smart contracts and overall operation using static code analysis, dynamic analysis, and manual review to identify vulnerabilities as well as technical and business logic flaws that may expose the application to various external risks.

Decentralized Application Security Consulting

Provide consultation from design to development of decentralized applications, resolving both technical and business issues with professional support throughout the product development life cycle, maximizing the security level of smart contracts to protect our clients and their users.

Digital Assets Investment Consulting

Provide consultation to investment funds and high-net-worth individuals on the security of DeFi projects and earning opportunities in the blockchain ecosystem, focusing on translating the vulnerabilities and issues identified into an easy-to-understand impact on the deployed capital.

Methodology

  • Pre-Audit

    Build up an understanding of the overall operations of the related smart contracts. Check the audit targets' readiness, and make the necessary internal preparations for the audit.

  • Audit

    Inspect smart contracts using industry-accepted automated analysis tools and manual analysis by a team of professionals to identify both general coding bugs and advanced smart contract vulnerabilities in the decentralized application's workflow and logic.

  • Preliminary Report

    Deliver preliminary findings with professional suggestions and consultation on how to remediate the identified issues.

  • Reassessment

    Verify the status of each issue and re-inspect to ensure there are no additional complications caused by the fixes applied.

  • Final Report

    Provide a full final report with the detailed description, risk rating, and status of each identified issue.

Research

Flash Loan/Flash Swap Using UniswapV2-Based AMMs

Flash loans have been one of the most impactful techniques used in smart contract attacks, and they are becoming more prevalent.

bEarn.Fi Incident Analysis — bVaults Improper Withdrawal Amount Handling

Starting at 10:36:20 AM UTC on May 16th, 2021, bEarn.Fi’s BUSD vault was exploited due to improper withdrawal amount handling.

ValueDeFi’s Invalid Share Calculation Exploit In-depth Analysis

Starting at 08:13:06 PM UTC on May 7th, 2021, ValueDeFi’s multi-strategy WBNB vault was exploited due to an invalid share calculation.

Our Audits

WSwap

Wault Finance

WSwap is an Automated Market Maker (AMM) protocol that is forked from Uniswap V2 and launched on the Binance Smart Chain (BSC). On WSwap, users can perform ERC20 token swapping easily with the liquidity pool of the platform. Users can also provide liquidity to the pools and gain a part of the swapping fee and the platform’s reward tokens.

CakeMaxi

Alpaca Finance

CakeMaxi is a new feature for Alpaca Finance, extending the existing features, allowing users to open leveraged yield farming positions on PancakeSwap CAKE Syrup Pool to maximize their $CAKE reward.

WexMaster Phase 2

Wault Finance

WexMaster is a smart contract made to distribute the Wault Finance platform’s governance token. Users can stake predefined tokens into the pools to gain the governance token as a reward.

Fair Launch & Tokens

Seeder Finance

Seeder Finance is a yield farming protocol on Binance Smart Chain. On Seeder Finance, users can seed their funds, plant the seeds into different farms, and harvest their earnings.

Infinitee Vault

Infinitee Finance

Infinitee Vault is designed to integrate with other yield farming platforms. Users can stake a token to the vault; the vault then collectively stakes the users’ tokens to the integrated farm and periodically swaps the harvested yield farming reward to another token specified in the contract.

Optimized Worker

Alpaca Finance

Optimized Worker is a new implementation of workers, including the PancakeSwap worker, CakeMaxi worker, and WaultSwap worker, that adds buyback functionality.
