Overview
We are happy to say that we’ve finished a smart contract security audit for LiquidAccess, the protocol for advanced operations with NFTs.
Task
The main task of the Blaize.Security team was to find and describe any security issues in the smart contracts of the platform.
We needed to check the LiquidAccess smart contracts according to the following parameters:
Whether the contract is secure;
Whether the contract corresponds to the documentation;
Whether the contract meets best practices in the efficient use of gas, code readability.
Thus, the contracts were checked against the following set of commonly known and more specific vulnerabilities during the LiquidAccess code audit:
- Unsafe type inference;
- Timestamp Dependence;
- Reentrancy;
- Implicit visibility level;
- Gas Limit and Loops;
- Transaction-Ordering Dependence;
- Unchecked external call;
- Unchecked math;
- DoS with Block Gas Limit;
- DoS with (unexpected) Throw;
- Byte array vulnerabilities;
- Malicious libraries;
- Style guide violation;
- ERC20 API violation;
- Uninitialized state/storage/ local variables;
- Compile version not fixed.
Also, the LiquidAccess NFT set of contracts was checked against the less common vulnerabilities from the internal Blaize.Security knowledge base.