Overview
Everstake is a responsible validator trusted by 625k+ users across 70+ blockchain networks. Created by engineers for the entire community in 2018. It’s a self-funded, profitable business employing 125+ people and running over 8,000 nodes.
Task
We were assigned to detect and describe security issues in the smart contract of Everstake.
We needed to check the smart contracts with the following parameters:
Whether the contract is secure;
Whether the contract corresponds to the documentation;
Whether the contract meets best practices in terms of the efficient use of gas and code readability.
We have scanned this smart contract for commonly known and more specific vulnerabilities:
- Unsafe type inference;
- Timestamp Dependence;
- Reentrancy;
- Implicit visibility level;
- Gas Limit and Loops;
- Transaction-Ordering Dependence;
- Unchecked external call – Unchecked math;
- DoS with Block Gas Limit;
- DoS with (unexpected) Throw;
- Byte array vulnerabilities;
- Malicious libraries;
- Style guide violation;
- ERC20 API violation;
- Uninitialized state/storage/ local variables;
- Compile version not fixed.
In addition, Everstake was checked against less common vulnerabilities from the internal Blaize.Security knowledge base.