NEW YORK, 10/12/2020 - We’re happy to announce that the $BOOST governance token, including its functionality with a plethora of native smart contracts such as Boost treasury, Boost token rewards, Controller, and Vault has been successfully audited with CertiK. No issues identified by Certik were considered a threat to the safety of the smart contract deployment. A summary of the audit scope and findings as documented by the CertiK Professional Services Division follows up.
Use-Case Profile
Boosted Finance is a community- governed DeFi protocol with compounded value generation for stakeholders through yield optimized strategies through bVaults. The key difference between bVaults and alternative vault projects is that depositors are able to amplify their rewards and speculate on the yield of a particular strategy through the purchases of boosters.
Thanks to the decentralized, community-driven approach, anyone is able to submit a strategy to create a bVault and be eligible to claim a performance fee once a minimum return amount per epoch has been met.
Boosted Finance is keen on deploying more bVaults among other DeFi functions in the future as well as introducing a secondary token model, designed to accrue a % of the value of all bVault rewards, products, and services.
Code Review & Auditing Process
The initial review was conducted between September 9 - December 4, by CertiK security engineers Alex Papageorgiou, and Angelos Apostolidis.
The CertiK Professional Services team assigned to Boosted reviewed the code implementation for the mainnet blockchain solution, effectively going through the most significant parts of the codebase responsible for the core functionality of the DeFi protocol.
A comprehensive examination has been performed, utilizing Static Analysis and Manual Review techniques. The auditing process focuses on the following considerations:
- Testing smart contracts against both common and uncommon attack vectors.
- Assessing the codebase to ensure compliance with current best practices and industry standards.
- Ensuring contract logic meets the specifications and intentions of the client.
- Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
- Through a line-by-line manual review of the entire codebase.
A total of 43 findings were reported on the vulnerability summary, the vast majority of which were informational (35), while only 5 minor, 1 medium, and 2 major issues were identified. No critical issues were found during the auditing process, and the Boosted team alleviated all issues, pointing towards a well-written codebase by the team’s engineers.
You can review the full audit here.
About CertiK
CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.
Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.
Over the past few years, CertiK has serviced more than 100 top-shelf blockchains, DeFi protocols, among other complex and/or custom smart contracts, including but not limited to Binance, Tera, Bancor, Shapeshift, and Blockstack.
Consult with one of our experts at bd@certik.io
Stay connected!
