Monerium is a financial technology company with a mission to make digital currencies accessible, secure, and easy to trade. Monerium is an industry leader in compliant e-money solutions, regulated in Iceland.
The smart contracts were previously audited between June 15, 2023 and July 4, 2023, with a total time donation of 12 engineering days. The previous Monerium audit summary covers revisions 1.0, 1.1, and 1.2. This audit summary focuses on the methodology, findings, and recommendations of revisions 2.0 and 2.1.
Revision 2.0
Monerium engaged Ackee Blockchain to conduct an additional security review of the Monerium smart contracts (Revisions 2.0 and 2.1) for a total of four days from February 20, 2024 to February 27, 2024.
Revision 2.1
The revision review was performed on the specified commit.
Methodology
Revision 2.0
We began our review with the Wake static analyzer. Then we performed a manual code review, focusing specifically on:
- verifying the ERC-2612 implementation,
- the refactored signature of the burn function and its modified flow,
- detecting common issues, including data validation issues,
- compliance with best practices.
Revision 2.1
In Revision 2.1, we directly reviewed the contract changes and the fixes for issues found in previous reviews.
Scope
The scope of the audit was the diff from the previous Monerium audit commits.
Revision 2.0: Audits were performed on commits.
Revision 2.1: The review of fixes was done in the commit.
Findings
Here we present our findings.
Critical severity
No critical severity issues were found.
High severity
No high severity issues were found.
Medium severity
No medium severity issues were found.
Low severity
No low severity issues were found.
Warning severity
W7: No events.
W8: Unchecked return value.
W9: Dead code.
Informational severity
I7: Duplicate hash string.
I8: Unused imports.
I9: Commented code.
I10: Interface configuration.
I11: Typo.
Conclusion
Revision 2.0 produced eight findings, ranging from informational to warning severity.
W7 and W8 relate to events and data validation. Unused constants in W9, I8 and I7 were found using the Wake static analyzer. Most of the findings concern code quality.
Ackee Blockchain recommends that Monerium:
- ensure that return values are always validated,
- emit an event after every contract state change,
- remove unused code from the codebase,
- address all other reported issues,
- use the Tools for Solidity (Wake) VS Code extension for static analysis (it can identify W9, and partially I7, I8 during development).
Of the eight findings, Monerium addressed five issues and acknowledged three with associated comments.
Ackee Blockchain’s full Monerium audit report, which includes a more detailed explanation of all findings and recommendations, can be found here.
We were very pleased to conduct an audit for Monerium and look forward to working with them again in the future.