Smart Contract Security Audit For PeakDeFi

Score: 9.8/10
Ecosystem:
Type: DeFi

Overview

PeakDeFi is a decentralized asset management protocol. The main technology is concentrated on smart contracts that manage and redistribute users’ profit automatically and trustlessly.

Services: Smart Contracts Audit
Technologies: Ethereum Solidity

Task

Blaize’s main task was to find and describe security issues in the smart contracts of the protocol.

Every contract is subject to manual and automated code review. Nevertheless, the types of vulnerabilities considered and the scope of the review may vary depending on such characteristics as programming language, project scope, contract consistency, and overall contract utility within the protocol.

Thus, for the security analysis of the PeakDeFi contracts, we chose the following set of vulnerabilities to consider:

  • Unsafe type inference;
  • Timestamp Dependence;
  • Reentrancy;
  • Implicit visibility level;
  • Gas Limit and Loops;
  • Transaction-Ordering Dependence;
  • Unchecked external call;
  • Unchecked math;
  • DoS with Block Gas Limit;
  • DoS with (unexpected) Throw;
  • Byte array vulnerabilities;
  • Malicious libraries;
  • Style guide violation;
  • ERC20 API violation;
  • Uninitialized state/storage/local variables;
  • Compile version not fixed.

Blaize was contacted to perform a smart contract security analysis of two PeakDeFi contracts. The first contract enables the deposit and withdrawal functions. It is one of the core contracts of the protocol, so our main goal was to ensure the highest level of security. The second contract manages the factory for new funds and also needs to be secured in the best way.

Smart Contract Security Audit Procedure

Blaize.Security has an established security audit procedure. It includes the following steps:

  • Code consistency check: whether the contract corresponds to the documentation;
  • Checks against the standard list of vulnerabilities mentioned above;
  • Static analysis by automated tools;
  • Manual code analysis and code quality review;
  • Gas usage analysis;
  • Unit test coverage check;
  • Security analysis report delivery;
  • Post-audit fixes review.

Audit Result

The code review of PeakDeFi found no critical issues. Yet, the contracts had a few issues regarding code consistency and did not follow the best coding practices in some aspects. The report was delivered to the team for further reconstruction and code improvements. After receiving the review and comments, the PeakDeFi dev team implemented all the needed improvements and fixed the majority of issues regarding code consistency.


In the end, the overall security of the PeakDeFi contracts can be evaluated as 98% out of 100%, so they can be perceived as reliable and safe to use.
