RioDeFi, a DeFi infrastructure platform, aims to accelerate the adoption of digital assets by bridging traditional and decentralized finance. It does this by developing solutions that connect businesses, financial institutions, and banks with distributed ledger systems.
At the core of RioDeFi is RioChain. All applications built on RioChain benefit from lower transaction fees, faster confirmations, greater efficiency, and a wider global reach. The characteristics of this chain include:
CertiK was excited to work with the RioDeFi team to examine issues and vulnerabilities in the in-scope source code of their system. A comprehensive audit examination was performed on the codebase, along with a penetration test of RioWallet.
The CertiK team was contacted by the RioDeFi team to audit the design and implementation of the to be released Substrate-based system. The audited modules include:
The goal of this audit was to review the RioDeFi implementation against its business model, study potential security vulnerabilities and its general design and architecture, and uncover bugs that could compromise the software in production. The process paid special attention to the following considerations:
Additionally, CertiK performed an application penetration test of the RioDeFi mobile wallet application. The main objective of the penetration test was to assess the overall resiliency of the application's controls and functions against various real-world attacks, so that RioDeFi could identify its weaknesses and receive recommendations to fix them and improve its security posture.
Regarding the audit, the codebase makes good use of the framework's specifics and of Rust's best practices. CertiK's team of engineers found only a few minor exceptions, which the team swiftly fixed in full.
The engineers stated, “Regarding the implementation of the privileged functionality handling and secure design around the framework with proper parameterization, the codebase was found to respect the framework's specifications and be in alignment with the intended functionality as modules.”
Regarding the penetration test, CertiK tested the application against a range of mobile vulnerabilities, including the OWASP Top Ten. A white-box testing approach was taken, with CertiK performing the test against the source code available from the shared GitHub repository. RioDeFi's initiative in commissioning these tests shows how much it values security.
Beyond the functionality itself, the team recommends improving the documentation of the codebase. Although some parts were well documented, others lacked proper documentation. Additionally, all documentation regarding the project (READMEs, code comments, whitepapers, and yellow papers) should have an English version. Given its experience with the RioDeFi team, CertiK is confident that the documentation will be updated and fully in place for the mainnet release.
CertiK strongly advises all projects to undergo strict unit testing of the complete codebase, even before the audit, to ensure that the intended functionality and outcome are achieved under all edge cases. Strict unit testing ensures that the code is of the highest quality and makes every audit more valuable.
CertiK is a technology-led blockchain security company founded by computer science professors from Yale University and Columbia University, built to prove the security and correctness of smart contracts and blockchain protocols.
CertiK's mission in every audit is to apply different approaches and detection methods, ranging from manual review to static and dynamic analysis, to ensure that the project is checked against known attacks and potential vulnerabilities. CertiK leverages a team of seasoned engineers and security auditors to apply these testing methodologies and verifications to the project, in turn creating a more secure and robust software system.
CertiK has served more than 100 clients with high-quality auditing and consulting services, ranging from stablecoins such as Binance's BGBP and Paxos Gold to decentralized oracles such as Band Protocol and Tellor.