Smart Contract Security Audit For Binaryx

Score: 9.8/10
Ecosystem:
Type: Tokenization Platform

Overview

Binaryx is a marketplace of tokenized real estate that bridges the real estate market and the rapidly developing world of DeFi projects. Currently, Binaryx Protocol provides property owners with a system of oracles that allows them to tokenize and retail their property and allows users to invest in tokenized real estate, obtaining fractional ownership.

Services: Smart Contracts Audit
Technologies: Polygon, Solidity

Task

We were assigned to detect and describe security issues in the smart contract set of the Binaryx protocol.

We needed to check the smart contracts against the following criteria:

  • Whether the contract is secure;
  • Whether the contract corresponds to the documentation;
  • Whether the contract meets best practices regarding the efficient use of gas and code readability.

We scanned the smart contracts for commonly known and more specific vulnerabilities:

  • Unsafe type inference;
  • Timestamp Dependence;
  • Reentrancy;
  • Implicit visibility level;
  • Gas Limit and Loops;
  • Transaction-Ordering Dependence;
  • Unchecked external call;
  • Unchecked math;
  • DoS with Block Gas Limit;
  • DoS with (unexpected) Throw;
  • Byte array vulnerabilities;
  • Malicious libraries;
  • Style guide violation;
  • ERC20 API violation;
  • Uninitialized state/storage/local variables;
  • Compile version not fixed.

In addition, Binaryx protocol was checked against less common vulnerabilities from the internal Blaize.Security knowledge base.

Workflow Overview

Figure: one of the Binaryx smart contract workflows.

During the audit, we examined the security of smart contracts for the Binaryx protocol. Our task was to find and describe any security issues in the platform’s smart contracts.

The Binaryx smart contracts are designed so that the administrator has complete control over an asset's status, while the money of a user who participates in the asset purchase remains entirely under that user's control. The contracts provide everything needed to sell assets, and all conditions of sale are transparent to the user. The administrator's role is only to change the state of an asset, and the rules by which an asset's state changes are fixed in the smart contracts.

The whole protocol consists of many smart contracts that provide users with the project's features.

The PropertyFactory smart contract serves as a central hub for managing assets within the protocol. It provides a streamlined interface for administrators to list new assets and retrieve already deployed assets. Its mechanics are shown in the scheme above.

Smart Contract Security Audit Procedure

Blaize.Security has an established security audit procedure. It includes the following steps:

Comprehensive Security Audit

  • Manual code review;
  • Static analysis by automated tools;
  • Business logic review;
  • Unit test coverage check;
  • Extensive integration testing;
  • Fuzz and exploratory testing;
  • Providing a detailed report of detected issues;
  • Verification of fixes;
  • Final audit report preparation & publishing.

Automated Tools Analysis

  • The team checked the contracts with several publicly available automated analysis tools, such as Mythril, Solhint, Slither, and Smartdec. We also manually verified all issues detected by the automated tools.

Manual Code Review

  • Manual analysis of smart contracts for security vulnerabilities.
  • We checked smart contract logic and compared it with the one described in the documentation.

Unit Test Coverage

  • The scope of the audit includes the unit test coverage, which is based on the smart contract code, documentation, and requirements presented by the Binaryx team. The coverage is calculated from the set of Hardhat framework tests and scripts from additional testing strategies. However, to ensure the security of the contracts, the Blaize.Security team suggests that the Binaryx team launch a bug bounty program to encourage further active analysis of the smart contracts.

Security Analysis Report

  • Finally, we provided the Binaryx team with a smart contract security analysis report. The document contains all detected risks and possible mitigations for them, details of the issues and vulnerabilities, and recommendations for improvements.

Audit Result

No critical issues were found. Two high-severity issues were found: one associated with downward asset price changes, and the other with the admin's ability to change an asset's state to any of the states without fixed conditions. These two issues have been fixed, as have others.


The overall security is high. The contracts' code is readable and implements the necessary logic. Thus, according to the rules listed above, the overall security level of the Binaryx protocol can be evaluated as Highly Secure, 9.8 out of 10.
