CertiK is proud to announce another successful audit for Tellor, a decentralized oracle for DeFi that bridges the gap between off-chain data and on-chain needs.
An Introduction to Tellor
Tellor, a system that is truly censorship resistant and transparent, solves the problem of a lack of secure and decentralized price feeds for DeFi applications. Because smart contracts built on Ethereum restrict access to off-chain data, oracles provide a way to secure a source of high quality data. However, relying on an oracle defeats the purpose of decentralized technology.
The Tellor Oracle allows smart contracts to receive data from an on-chain data bank where miners compete to add the data points for their native token, Tributes. This allows contracts and dApps to reach their full potential through the following benefits:
- A decentralized foundation incentivizes participants to distribute truthful data because of their economic interest and stake in the validity / success of the data
- The oracle reduces risk associated with a single-party providers who can cut access to API data, censor users, and manipulate data for private gain
- By creating an effective, secure, and incentivized system for off-chain data, the oracle de-incentivizes adversarial submissions.
CertiK was excited to work on the second engagement with Tellor. The first audit was a code review on the V1 version of Tellor Core. Details of those findings can be found here.
Testing Summary and Scope
The goal of this engagement was to review the Solidity implementation of the second version of Tellor Core. The CertiK team analyzed its business model and general design and architecture to find potential security vulnerabilities and uncover bugs that could compromise the software in production. The scope of the audit also included any contract dependencies that were not part of the officially recognized library.
Below is a summary of CertiK’s testing:
- Type: Smart Contracts
- Source Code: https://github.com/tellor-io/TellorCore/
- Platform: EVM
- Language: Solidity
- Methods: Dynamic Analysis, Static Analysis, and Manual Review
Summary and CertiK’s Analysis
While the codebase of the project did not conform to the traditional Solidity style guide, CertiK’s team was able to understand the functionality and implementation of the code through the documentation provided by Tellor. The sources of truth regarding the codebase was extensive, and well documented.
Most issues found were of negligible importance, and mostly referred to coding standards and inefficiencies. CertiK always recommends to update all flaws, regardless of the importance, to ensure that the contracts are of the highest standards and quality.
CertiK is a technology-led blockchain security company founded by Computer Science professors from Yale University and Columbia University built to prove the security and correctness of smart contracts and blockchain protocols.
CertiK’s mission of every audit is to apply different approaches and detection methods, ranging from manual, static, and dynamic analysis to ensure that the project is checked against known attacks and potential vulnerabilities. CertiK leverages a team of seasoned engineers and security auditors to apply testing methodologies and verifications on the project, in turn creating a more secure and robust software system.
CertiK has serviced more than 100 clients with high quality auditing and consulting services, ranging from stablecoins such as Binance’s BGBP and Paxos Gold to decentralized oracles such as Band Protocol and Tellor.
Consult with one of our experts at firstname.lastname@example.org