Bank Of Chain sought the expertise of ShellBoxes to undergo a rigorous security assessment. This assessment spanned from October 12th to December 4th, 2022. The primary objective of this evaluation was to identify and rectify potential vulnerabilities within the smart contracts of Bank Of Chain. By meticulously analyzing the alignment between the smart contract code and its design document, we aimed to uncover any semantic discrepancies that might exist. Furthermore, we provided recommendations to not only address security concerns but also to optimize the code for better performance and efficiency. The results of our assessment highlighted several areas where the smart contracts could benefit from enhancements, given the various security and performance issues identified.
Bank Of Chain, commonly referred to as BoC, stands as a beacon of innovation in the rapidly evolving decentralized finance (DeFi) landscape. Its primary mission is to empower everyday users with a wealth management tool on the blockchain that is as close to “risk-free” as possible. To achieve this, BoC meticulously integrates a range of handpicked protocols from the vast crypto universe. This includes, but is not limited to, Automatic Market Makers (AMMs), established lending protocols, and high-performing yield aggregators. Through these strategic collaborations, BoC aims to offer its users a seamless and secure financial experience on the blockchain.
The collaboration between ShellBoxes and Bank Of Chain is a testament to the commitment both entities have towards ensuring the highest standards of security and functionality in the DeFi space. Recognizing the transformative potential of BoC in reshaping the financial landscape, ShellBoxes took on the responsibility of rigorously assessing and fortifying the platform’s underlying smart contract infrastructure. Our partnership was built on mutual respect, transparency, and a shared vision for a safer and more efficient decentralized financial ecosystem. Throughout the engagement, both teams worked closely, exchanging insights and expertise, to ensure that the BoC platform not only meets but exceeds industry standards. This partnership underscores the importance of combining innovative financial solutions with robust security measures to foster trust and drive adoption in the DeFi sector.
In the assessment of Bank Of Chain, the ShellBoxes team faced the intricate challenge of ensuring a comprehensive, precise, and efficient audit without compromising on depth or detail. To adeptly tackle this multifaceted task, a combination of manual and automated testing methodologies was employed. Manual testing was paramount for identifying discrepancies in logic, procedural flows, and execution sequences. It was instrumental in verifying that the protocol’s invariants aligned seamlessly with BoC’s business logic and were accurately represented in the code. Such meticulous scrutiny was crucial to ensure the timely identification and rectification of potential security vulnerabilities. Conversely, automated testing was leveraged to broaden the audit’s scope and swiftly detect any sections of the code that strayed from established security norms. This methodology enabled the ShellBoxes team to cover an expansive audit terrain and quickly spotlight potential security concerns. By synergizing these methodologies, the team struck a perfect balance of speed, precision, depth, and breadth, ensuring a holistic and rigorous security evaluation of Bank Of Chain.
Throughout the audit process, the Bank Of Chain team showcased exemplary professionalism and dedication. Their proactive approach, combined with thorough documentation, significantly streamlined the audit. It was evident that they prioritized security, as they swiftly addressed and rectified the majority of the identified vulnerabilities. While the smart contracts of Bank Of Chain are fundamentally well-architected and crafted, there remains room for enhancement in their implementation. The audit revealed a spectrum of vulnerabilities, categorized as follows:
We will delve deeper into each severity category to provide a detailed overview of the identified vulnerabilities.
During the audit of Bank Of Chain’s smart contracts, a critical vulnerability was identified:
This vulnerability, while critical, was swiftly rectified by the Bank Of Chain team, underscoring their dedication to ensuring the security and protection of their users.
During the audit of Bank Of Chain’s smart contracts, several high-severity vulnerabilities were identified:
These high-severity vulnerabilities, while significant, were either addressed by the Bank Of Chain team or acknowledged with a stated reason, demonstrating their proactive approach to ensuring the safety and security of their platform and its users.
During the audit of Bank Of Chain’s smart contracts, several medium-severity vulnerabilities were identified:
These medium-severity vulnerabilities, while noteworthy, were either addressed by the Bank Of Chain team or acknowledged with a stated reason, showcasing their dedication to improving the security and robustness of their platform.
During the audit of Bank Of Chain’s smart contracts, several low-severity vulnerabilities were identified:
These low-severity vulnerabilities, while not critical, highlight areas of improvement. The Bank Of Chain team’s prompt acknowledgment and resolution of these issues demonstrate their commitment to ensuring the security and robustness of their platform.
In the audit of Bank Of Chain’s smart contract, a discrepancy was noted:
In the audit of Bank Of Chain's smart contract, several best practices were identified. These included removing unused functions in the AssetHelpers contract to reduce its size, avoiding redundant variable initialization, renaming the removeStrategy function to better reflect its functionality, and using more descriptive names for functions like isKeeper and isVaultOrGov. The Bank Of Chain team promptly made the required adjustments to align with these recommendations, ensuring greater clarity, efficiency, and security in the codebase.
The comprehensive audit of the Bank Of Chain contract provided a deep dive into its design and functionality, revealing a spectrum of issues that required attention. The proactive response from the Bank Of Chain team was commendable, as they promptly addressed and rectified 9 of the identified concerns. While some issues were deemed to have a low likelihood of occurrence, they still hold potential risks. The insights provided by ShellBoxes’ auditors were invaluable, emphasizing the importance of continuous vigilance in the ever-evolving landscape of smart contracts. As the Bank Of Chain team moves forward, it's crucial to keep these findings at the forefront, ensuring the platform's security and integrity for its users. The collaboration between the auditors and the Bank Of Chain team serves as a testament to the importance of rigorous testing and iterative improvement in the blockchain space.