Hacken conducts Smart Contract Code Review with Security Analysis for DefiCliq
Hacken was recently hired by DefiCliq to conduct a smart contract code review and comprehensive security analysis of their product offering. Hacken is known worldwide as one of the best cybersecurity firms and has placed extra emphasis on blockchain security and cryptocurrency exchanges.
It is a cybersecurity ecosystem that ensures the safety of organizations and their digital environments. Hacken was recruited as a consultant by DefiCliq to report the findings of the security assessment of the customer’s smart contract and its code review, conducted between November 9 and November 12, 2020.
Hacken thoroughly scanned the smart contract for specific vulnerabilities. The review was divided into two aspects: code review and functional review. Under the code review, the items taken into consideration were Ownership Takeover, DoS with (Unexpected) Throw, Style guide violation, ERC20 API violation, Gas Limit and Loops, and much more. The functional review checks cover categories such as functionality checks, Access Control & Authorization, Token Supply manipulation, Assets integrity, etc.
The risk levels of the vulnerabilities discovered will be categorized into five different categories namely:
Results of the review and analysis
We are proud to report that Hacken has stated “The code is clean; follows smart contract security best practice” and stated that the CLIQ token was “well secured”. No critical, high-risk, or medium-risk issues have been found. As a matter of fact, the only thing Hacken could suggest was to lock the pragma version, which was regarded as a very low-level and minor issue. Essentially, this is merely a suggestion to update to the latest Solidity version.
The scope of the review that was conducted was the most comprehensive available.
In its code review, Hacken left no stone unturned, examining and analyzing: reentrancy, timestamp dependence, gas limit and loops, DoS with (unexpected) throw, DoS with Block Gas Limit, transaction-ordering dependence, the possibility of unchecked external calls or unsafe type inference, and a bevy of other code checks.
The Hacken team analyzed code functionality using automated checks with Mythril and Slither. A manual review was conducted when issues were found during the automated analysis. According to the assessment, the DefiCliq customer smart contracts are well-secured and no alarming vulnerabilities were discovered.
Effective and appropriate static analysis tools were used to review and analyze the smart contracts within the scope, and the contracts were manually reviewed later as a double-check. For the contract, a high-level description was present in the AS-IS section of the report. The report presented to DefiCliq collates all information about the security vulnerabilities, along with other minor issues, contained in the reviewed code.
Holistically speaking, the code is clean and DefiCliq has invested well enough to ensure that best practices are followed. Its smart contract code security is flawless and represents a prime example of benchmarked practices.
DefiCliq, the first organization to offer both collateralized and uncollateralized loans, operates with a mission to democratize the lending market, opening further possibilities in this space. With features like DAO, staking, and interoperability as a Polkadot Substrate Project, it is vying to become a leading player in the fintech space.
DefiCliq offers a comprehensive range of solutions that address the pain points of the industry and user needs. Investors can effectively diversify and distribute their risks over multiple layers. Lenders are given the option to select the amount of risk they can take, and the crux of it all is that no borrower should be left behind just because they cannot provide collateral for the loan.
Its governance token, the CLIQ token, is used as a staking reward for yield farmers and even for gas fees for transacting on the platform. The holders of the token will also be given rights in the ecosystem, and they will also earn a proportion of the fees with stakes in a non-custodial contract. The innate benefits of the platform are:
Interoperability — Cross-chain communication facilitating user interaction with other DeFi protocols.
Uncollateralized loans — No more collaterals required for lending and borrowing
Token staking — incentivizing the users to be a part of the system and helping them earn additional rewards
Anonymity — It explores the real power of decentralization and saves users from the clutches of traditional finance mechanisms.