Smart Contract Security Audit For Gerobi

Score: 10/10
Ecosystem:
Type: DeFi

Overview

The Gerobi protocols and the Gerobi DAO on the AURORA chain form a decentralized organization that builds financial infrastructure for WEB3. Users can use our protocols to maximize capital efficiency and manage their funds in DeFi to earn high yields.

Services: Smart Contracts Audit
Technologies: Aurora, Solidity

Task

Blaize’s task was to find and describe security issues in the smart contracts of the platform.

We needed to check the Gerobi protocol with the following parameters:

  • Whether the token contract is secure;
  • Whether the token implements the ERC20 standard correctly;
  • Whether the code contains hidden malicious functionality.

We have scanned both sets of smart contracts for commonly known and more specific vulnerabilities:

  • Unsafe type conversions and unsafe math;
  • Timestamp dependence;
  • Reentrancy;
  • Correct roles distribution and access control flow;
  • Gas limit and loops;
  • Transaction-ordering dependence;
  • DoS attacks (gas limit, unexpected reverts, storage abuse, etc.);
  • Byte array vulnerabilities;
  • Style guide violations;
  • ERC20 standard correspondence and correct token usage;
  • Uninitialized state/storage/local variables.

Also, the Gerobi protocol was checked against less common vulnerabilities from the internal Blaize.Security knowledge base.

Gerobi aims to let users put their capital to work today and to build products that help millions of others do the same tomorrow. At the same time, any project dealing with clients’ investments must be exceptionally secure. This was one of the most important points of Gerobi’s cooperation with Blaize.

The scope of the project includes the following Gerobi contract:

1/ GerobiERC20.sol

The code was delivered as a contract deployed on the Aurora testnet. The audited contract is an ERC20 token built on the standard OpenZeppelin implementation; it also inherits the ERC20Permit contract.

Smart Contract Security Audit Procedure

Blaize.Security has an established security audit procedure. It includes the following steps:

Comprehensive Security Audit

  • Manual code review;
  • Static analysis by automated tools;
  • Business logic review and decomposition of the system;
  • Unit test coverage check;
  • Extensive integration testing;
  • Fuzzy and exploratory testing;
  • Providing a detailed report of detected issues;
  • Verification of fixes;
  • Final audit report preparation & publishing.

Automated Tools Analysis

  • The Blaize.Security team scanned the Gerobi contracts with several publicly available automated analysis tools, such as Mythril, Solhint, Slither, and SmartDec, and manually verified all the issues those tools reported.

Manual Code Review

  • The Blaize.Security team manually analysed the smart contracts for security vulnerabilities. We checked the smart contract logic and compared it with the behaviour described in the documentation.

Unit Test Coverage

  • The scope of the audit includes the unit test coverage, which is based on the smart contract code, documentation and requirements presented by the Gerobi team. The coverage is calculated based on the set of Hardhat framework tests and scripts from additional testing strategies. However, to ensure the security of the contract, the Blaize.Security team suggests that the Gerobi team launch a bug bounty program to encourage further active analysis of the smart contracts.

Security Analysis Report

  • Finally, we provided the Gerobi team with the smart contract security analysis report. The report also contains the confirmation of fixes and the necessary explanations from the Gerobi team.

Audit Result

Blaize auditors verified compatibility with the ERC20 standard and found that the token inherits standard OpenZeppelin contracts (most of the standard contracts from version 4.8.0). Our auditors also prepared a set of tests to check the standard functionality (transfer, approve, balances, permit) and the correctness of the token parameters.

The project’s native token will have the name “Gerobi Token” and the ticker “GRB”, with the initial supply minted only once, in the constructor, and transferred to the recipient chosen by the deployer.
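To make the audited pattern concrete, the following Solidity contract is an added illustration written for this page; it is not the GerobiERC20.sol source, which the page does not reproduce. It combines OpenZeppelin's ERC20 with ERC20Permit (using the 4.8.x import path for the permit extension) and mints the entire initial supply once, in the constructor, to a recipient chosen by the deployer. The contract name, the supply figure, the explicit zero-address check, and the pinned compiler version are assumptions, not details taken from the audited code.

```solidity
// SPDX-License-Identifier: MIT
// Pinned compiler version (assumed). Whether the pinned release is the latest
// solc is the kind of informational point the audit raised.
pragma solidity 0.8.17;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
// In OpenZeppelin 4.8.x the permit extension lives under the draft- prefix.
import "@openzeppelin/contracts/token/ERC20/extensions/draft-ERC20Permit.sol";

/// @notice Illustrative fixed-supply token with EIP-2612 permit support.
///         Hypothetical contract; not the audited GerobiERC20.sol.
contract FixedSupplyPermitToken is ERC20, ERC20Permit {
    // Assumed figure: 1,000,000 tokens with the default 18 decimals.
    uint256 public constant INITIAL_SUPPLY = 1_000_000 * 1e18;

    /// @param recipient address that receives the entire initial supply;
    ///                  chosen by the deployer at deployment time
    constructor(address recipient)
        ERC20("Gerobi Token", "GRB")   // name and symbol as stated in the audit result
        ERC20Permit("Gerobi Token")    // EIP-712 domain name used when verifying permit() signatures
    {
        // OpenZeppelin's _mint already reverts on address(0); the explicit check
        // gives a clearer error if the deployment parameter is mistyped.
        require(recipient != address(0), "recipient is the zero address");
        _mint(recipient, INITIAL_SUPPLY);
    }

    // Deliberately no mint() or burn() entry points. After the constructor runs,
    // totalSupply() is fixed, which is what "minted only once" means in practice.
    // An auditor confirms this by checking that _mint is reachable only from
    // the constructor and that no privileged role can call it later.
}
```

The tests mentioned in the audit result would, after deployment with a chosen recipient, assert that name() and symbol() match the expected values, that decimals() is 18, that totalSupply() equals balanceOf(recipient) and INITIAL_SUPPLY, and that transfer, approve/transferFrom and permit behave as the ERC20 and EIP-2612 standards require.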


During the audit, Blaize detected only one informational issue, concerning the solc version used for the contract: the contract does not use the latest solc version. Therefore, according to our requirements and rules, the overall security of the Gerobi protocol’s smart contract system can be evaluated as Highly Secure, 10 out of 10!

