The codebase for CompliFi’s automated market maker (AMM) pool contract has undergone an audit by the CertiK Auditing Team. Through the utilization of this AMM, anyone is able to create a pool and finalize it, following that any user is able to join the pool and receive pool tokens. The summary of the audit and its findings follows up.
CompliFi Protocol comprises a decentralized protocol for issuing a wide range of financial derivatives without the risk of default, liquidations, or collateral calls.
In early February, CompliFi expanded their product offering beyond the aforementioned derivatives issuance protocol to include an AMM focused on handling extremely volatile assets. End users of risk can now purchase a range of x5 leveraged tokens, with more instruments set to arrive in the future.
The CompliFi AMM makes a number of changes from the conventional AMM design:
Read more on all things CompliFi here
The CompliFi AMM codebase was reviewed between March 10th - March 23rd, 2021, utilizing a combination of static analysis and manual review. The findings identified mainly refer to optimization issues, with a few minor and medium level issues.
The CertiK Professional Services team assigned to SpiderDAO reviewed the code implementation for a plethora of smart-contract-oriented functions, effectively going through the most significant parts of the codebase responsible for the core functionality of the system, as pointed out in the project’s statements.
The auditing process focuses on the following considerations:
A total of 25 vulnerabilities, or informational issues, have been identified. The Security Team identified 19 informational issues, 4 minor vulnerabilities, and 2 medium vulnerabilities. The CompliFi team has remediated 22 out of the 25 identified issues, including all minor and medium vulnerabilities.
You can review the full audit here.
CompliFi is a combination of a derivative issuance protocol and AMM on Ethereum, designed to entirely eliminate counterparty risk. It allows users to structure, issue and trade a wide variety of synthetic risk assets, without ever facing collateral calls and liquidations.
CompliFi is dedicated to reaching the highest level of decentralization and has been designed from the outset to eschew all authority over user funds.
CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.
Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.
Over the past few years, CertiK has serviced more than 100 top-shelf blockchains, DeFi protocols, among other complex and/or custom smart contracts, including but not limited to Binance, Tera, Bancor, Shapeshift, and Blockstack.
Consult with one of our experts at [email protected]
Stay connected!