ImmuneBytes Completes USTX Smart Contract Audit |2022| Read Details
Immunebytes is pleased to announce the successful completion of the USTX smart contract security audit.
At Immunebytes, safety is our top concern. We recognize that smart contracts are the tools that handle user funds and millions of dollars of value. To ensure the safety of these tools, our auditors dedicated multiple weeks to examining the various smart contracts using USTX to understand their structure and effectively ensure that the code works as intended.
The code was audited by a team of independent auditors which includes -
- Testing the functionality of the Smart Contract to determine proper logic has been followed throughout.
- Analyzing the complexity of the code by thorough, manual review of the code, line-by-line.
- Deploying the code on testnet using multiple clients to run live tests.
- Analyzing failure preparations to check how the Smart Contract performs in case of bugs and vulnerabilities.
- Checking whether all the libraries used in the code are on the latest version.
- Analyzing the security of the on-chain data.
We then meticulously analyzed the Smart Contract line-by-line to look for any potential problems, such as Signature Replay Attacks, Unchecked External Calls, External Contract Referencing, Variable Shadowing, Race conditions, Transaction-ordering dependence, timestamp dependence, DoS attacks, and others.
In our Unit Testing phase, we ran the tests written by the developer to verify that each function worked as intended. In our Automated Testing, we tested the Smart Contract with in-house developed tools to identify vulnerabilities and security flaws.
● Project Name: USTX
● Contracts Names: UpStableToken, UstxDEX, UstxProxy
● Languages: Solidity(Smart contract)
● Github commit hash for audit: 03b8f9c494a0518fd3a236f1c03af7ae49c64f9e
● Github commit hash for audit: d89949854a3980cd1dd966bdc04790b23540407d
● Platforms and Tools: Remix IDE, Truffle, Truffle Team, Ganache, Solhint, VScode, Contract Library, Slither, SmartCheck.
● Mainnet Contract Address:
The focus of the audit was to verify that the smart contract system is secure, resilient, and working according to its specifications. The audit activities can be grouped into the following three categories:
- Security: Identifying security-related issues within each contract and within the system of contracts.
- Sound Architecture: Evaluation of the architecture of this system through the lens of established smart contract best practices and general software best practices.
- Code Correctness and Quality: A full review of the contract source code. The primary areas of focus include:
* Sections of code with high complexity
* Quantity and quality of test coverage
Our smart contract auditors split the issues according to the severity levels:
- Admin/Owner Privileges can be misused either intentionally or unintentionally.
- High severity issues will bring problems and should be fixed.
- Medium severity issues could potentially bring problems and should eventually be fixed.
- Low severity issues are minor details and warnings that can remain unfixed but would be better fixed at some point in the future.
The initial audit resulted in:
The smart contract audit report with in-depth details about the contract code and its vulnerabilities can be found here
The USTX team implemented the recommendations and the final audit resulted in:
The USTX project aims to deploy a utility token based on smart contract technology, which will have the stability effect during bear market conditions typical of stablecoins and the growth potential of digital currencies like BTC.
Blockchain technology has given birth to a new economy, allowing for transfers of value between parties in a safe and fast way. The USTX will be created by deploying a bespoke AMM DEX, which dynamically manages the reserve in order to allow for price increase in the uptrend market while damping the price decrease during a downtrend.
The reserve will be certified by the underlying blockchain, removing the need for complex proof-of-reserves methods. A target reserve level is always enforced by the smart contract to ensure the long-term stability of the system. The reserve liquidity will forever be locked in the contract, meaning that no one will ever be able to withdraw it.
ImmuneBytes is a security start-up to provides professional services in the blockchain space. The team has hands-on experience in conducting smart contract audits, penetration testing, and security consulting.
ImmuneBytes’s security auditors have worked on various A-league projects and have a great understanding of DeFi projects like AAVE, Compound, 0x Protocol, Uniswap, dydx. The team has been able to secure 145+ blockchain projects by providing security services on different frameworks.
ImmuneBytes team helps start-ups with a detailed analysis of the system ensuring security and managing the overall project.