
CIAN Yield Layer Audit Summary

By Crypto Flexs | February 27, 2025 | 4 Mins Read

Through the CIAN Protocol's Yield Layer, users can deposit assets into vault contracts to earn yield through multiple strategies. The protocol is cross-chain interoperable and provides pools on a variety of chains, where a representation of the vault tokens can be held. These can be exchanged for the deposit tokens of the given chain.

Methodology

  1. Confirmation of technical specifications
    The audit scope is confirmed with the client, and the auditors are onboarded to the project. The provided documentation is reviewed and compared with the audited system.
  2. Tool-based analysis
    A deep check is performed with the Solidity static analysis tool Wake, together with the companion Wake extension, flagging potential vulnerabilities for further analysis early in the process.
  3. Manual code review
    The auditors manually check the code line by line to identify vulnerabilities and code quality problems. The main focus is on recognizing potential edge cases and the risks specific to each project.
  4. Local deployment and hacking
    The contracts are deployed locally in a Wake environment, with the aim of exploiting vulnerabilities. The resilience of the contracts against various attack vectors is evaluated.
  5. Unit and fuzz tests
    Unit tests are executed to check the expected system behavior. Additional unit or fuzz tests can be written using the Wake framework if coverage gaps are identified. The goal is to check the stability of the system under real-world conditions and ensure robustness against both expected and unexpected input.

We started the review using static analysis tools, including Wake. Then we took a deep dive into the logic of the contracts. For testing and fuzzing, we used the Wake testing framework. For more information about fuzzing, see the full audit report.

During the review, we paid special attention to:

  • Ensuring that arithmetic operations and system accounting are correct.
  • Detecting reentrancy and unprotected calls in the code.
  • Ensuring that access controls are neither too relaxed nor too strict.
  • Identifying common problems such as data validation.

Scope

The audit was performed on commit 54e953, and the scope included all contracts except strategies. Revision 1.1 was performed on commit 06f333, with the scope limited to the fixes of the findings from the first review.

The results of the audit are as follows.

Critical severity

No critical severity issues were found.

High severity

No high severity issues were found.

Medium severity

M1: Incorrect calculations due to intermediary

M2: Insufficient data validation of pool state variables

M3: Users have little control over deposited funds

Low severity

L1: Double entry point initialize function

L2: Use of transfer instead of call

L3: Initializer missing in the constructor

L4: Inaccurate strategy position limits

Warning severity

W1: Strict equality check on balance

W2: Potential depeg of ETH-based assets

W3: Vault does not comply with ERC4626

W4: Protocol owner can set an arbitrary exchange price on the pool

W5: Trap of your own contract

W6: Protocol owner can artificially mint vault shares

W7: DoS may occur due to underflow in confirmWithdrawal

W8: User cannot request more than one withdrawal

W9: Potential problems in retrieving borrow and supply caps

Informational severity

I1: Functions can be declared as view

I2: Missing documentation

I3: Typos in NatSpec comments

I4: Missing underscore in internal function names

I5: Consistency of access control modifiers

I6: Unused variables

I7: Unused instructions

I8: Unused imports

I9: Unused events

I10: I often did not check the return value for receipts

Trust model

Users must trust the protocol owner to act honestly. Once funds are deposited into a vault, they cannot be withdrawn without external confirmation, and the withdrawal amount is also determined by the entity that confirms the withdrawal request. Several findings were raised regarding the trust model (see M3, W6, W4).
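
The trust boundary described above, as an added example that is not part of the original article and is not CIAN's contract code: a constructed Python model in which only the owner can confirm a withdrawal and the payout uses the owner-set price at confirmation time. `ToyVault`, `SCALE`, `set_price` and `run_scenario` are hypothetical names, and the pricing formula is an assumption; only `confirmWithdrawal` appears in the summary (W7).

```python
# Constructed toy model of an operator-confirmed vault (assumption, not CIAN's code).
SCALE = 10**18  # assumed fixed-point scale for the exchange price

class ToyVault:
    def __init__(self, owner):
        self.owner = owner
        self.price = SCALE   # assets per share, settable by the owner (cf. W4)
        self.shares = {}     # user -> share balance
        self.pending = {}    # user -> (shares, price when the request was made)

    def _only_owner(self, caller):
        if caller != self.owner:
            raise PermissionError("owner only")

    def deposit(self, user, assets):
        minted = assets * SCALE // self.price
        self.shares[user] = self.shares.get(user, 0) + minted
        return minted

    def request_withdrawal(self, user, shares):
        if user in self.pending:
            raise RuntimeError("withdrawal already pending")  # cf. W8
        if shares > self.shares.get(user, 0):
            raise ValueError("insufficient shares")
        self.shares[user] -= shares
        self.pending[user] = (shares, self.price)

    def set_price(self, caller, new_price):
        self._only_owner(caller)
        self.price = new_price

    def confirm_withdrawal(self, caller, user):
        # Only the owner completes a withdrawal, at the price current at that moment.
        self._only_owner(caller)
        shares, price_at_request = self.pending.pop(user)
        payout = shares * self.price // SCALE
        expected = shares * price_at_request // SCALE  # what the user saw when requesting
        return payout, expected

def run_scenario(new_price=None):
    """Alice deposits 100 and requests a full withdrawal; the owner may reprice first."""
    vault = ToyVault(owner="owner")
    vault.deposit("alice", 100)
    vault.request_withdrawal("alice", 100)
    if new_price is not None:
        vault.set_price("owner", new_price)
    return vault.confirm_withdrawal("owner", "alice")
```

Comparing `payout` with `expected` for each confirmation is one check a depositor or integrator can run off-chain to notice a price change between request and confirmation.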

Conclusion

Our review resulted in 26 findings, ranging from Informational to Medium severity. All issues were addressed and acknowledged with a comment as fixed, partially fixed, or explained.

The protocol showed centralization, with privileged functions making it heavily dependent on the protocol owner (see M3). The review also identified arithmetic and data validation issues that could lead to incorrect protocol accounting (see M1).

Ackee Blockchain Security recommends that CIAN:

  • Write documentation.
  • Create a comprehensive test suite.
  • Focus on the intermediary and precision during calculations.
  • Address all other reported issues.

The full Ackee Blockchain Security audit report, with detailed descriptions of all findings and recommendations, can be found here.

We were happy to work with CIAN and look forward to working with them again.
