Case Study
Audit Complete - XEND Finance

The CertiK Security Team has successfully completed an audit of the delta to XEND Finance’s smart contracts related to rewarding the group creator. The audited code rewards a group's creator with a percentage of the commission fee and tracks total $XEND token rewards. A summary of the audit and its findings follows.

Use-Case Profile

As a decentralized Credit Union, Xend Finance (XF) serves to optimize, improve, and add value to the core operations of Credit Unions globally, while also allowing users to form their own cooperatives and pool their money, no matter their geographic location or home country currency. With decentralized savings, lending, borrowing, and investment options, Xend Finance is the first protocol aiming to tap into the $2.2 Trillion Credit Union market.

One of the core focuses of the Xend Finance ecosystem is to provide individuals, groups, cooperatives, and Credit Unions in nations with unstable currencies access to a truly global, trustless, decentralized solution incorporating savings, lending, borrowing, and investing.

With such a monumental task at hand, the security of the protocol is viewed with the utmost importance. As a response, the XF Team have put their protocol through a number of rigorous and detailed audits with the CertiK Security Team.

Code Review & Auditing Process

The CertiK security team utilized a combination of Static Analysis and Manual Review to conduct the most recent audit of the Xend Finance protocol. The audited code comprised the delta related to rewarding a group's creator with a percentage of the commission fee and tracking total $XEND token rewards.

The auditing process focuses on the following considerations:

  • Testing smart contracts against both common and uncommon attack vectors.
  • Assessing the codebase to ensure compliance with current best practices and industry standards.
  • Ensuring contract logic meets the specifications and intentions of the client.
  • Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
  • Performing a line-by-line manual review of the entire codebase.

A total of 1 finding was reported in the vulnerability summary, though this single vulnerability was marked as major. The vulnerability may have led to a discrepancy in the underlying balance of the contract; the Xend Finance team resolved it by enacting the recommendation of the CertiK Security Team.

You can review the full audit, in addition to all previous audits, here.


In addition to the aforementioned security audit, the Xend Finance team have unlocked an unprecedented level of protection for themselves, their community, and their token holders through CertiKShield.

With CertiKShield protection, XEND holders will be protected from any unforeseen, on-chain, security related events which result in lost or stolen assets.

You can read more about CertiKShield and the benefits it provides here.

About XEND

Xend Finance provides the tools and platform for a decentralized financial credit union, regardless of geographic location and home country currency. Members can earn multiple levels of interest on their savings by seamlessly swapping their crypto or fiat currency to stable cryptocurrencies and staking – the process of locking up crypto assets to earn yields – on lending platforms so members can earn compound interest on their money. The Xend Finance platform is the first decentralized finance (DeFi) credit union.

The team is made up of experienced professionals with backgrounds in mathematics, finance, cryptography, and blockchain development, working for some of Africa’s largest employers, including KPMG, Chevron, and Stanbic Bank. Xend Finance is headquartered in Enugu, Nigeria.

About CertiK

CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.

Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.

Over the past few years, CertiK has serviced more than 100 top-shelf blockchains, DeFi protocols, and other complex and/or custom smart contracts, including but not limited to Binance, Tera, Bancor, Shapeshift, and Blockstack.

Consult with one of our experts at [email protected]
