We created Fractal to make building, governing, and scaling DAOs simple and secure.
Fractal began the search for a smart contract auditing firm to examine the security of our code at the start of 2023. The audit, conducted by Halborn, occurred from April 17th to April 28th, 2023. We are pleased to report that it went exceptionally well. The team identified four suggested informational changes, the lowest level of security risk. We resolved one issue and acknowledged the other three as intentional to Fractal’s design (see the full audit report below for more details).
Smart contract audits are crucial but often undervalued in the web3 application development process. Fractal recognized the importance of getting this right early on, especially as more DAOs hold significant value in their treasuries on-chain. We felt a strong sense of responsibility towards our current and future users.
When the Fractal team began interviewing potential blockchain security audit firms, we were determined to prioritize quality and thoroughness, regardless of the cost or timeline. We extensively reviewed and interviewed nearly two dozen options before choosing Halborn. We were impressed by the team’s extensive experience, reputable client list, and successful track record in security auditing.
To prepare for the audit, our engineering team spent four weeks refining documentation and meticulously reviewing our code. This involved:
Completely revising the existing smart contracts, with a focus on even more composability. Fractal was originally built on the Safe Zodiac module Usul. During the audit preparations, we made so many improvements that we forked it into our own, independent protocol, which we've called Azorius.
Optimizing the code using static analyzers. Our engineering team utilized popular static analyzers like Code4rena's c4udit and Slither to identify vulnerabilities, inefficiencies, and security risks. All issues discovered during static analysis were promptly addressed ahead of the audit, so that the auditing firm would not have to flag them.
Conducting comprehensive unit and integration testing. We prioritized the development of extensive tests, achieving an impressive 99% code coverage. These tests ensure that our smart contracts function as intended. The remaining 1% represents an unreachable function in an OpenZeppelin parent class that we do not utilize.
Documenting contract functions using NatSpec comments. We enhanced clarity and future collaboration by documenting all contract functions. This comprehensive documentation provides valuable information about each function's purpose, parameters, and return values, making it more accessible to community members and contributors.
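The preparation steps above (analyzer-clean code, testable failure modes, and NatSpec on every function) come together in the short contract below. It is an added illustration written for this post, not Fractal, Azorius or Halborn code; the `ProposalTally` contract, its functions, errors and the `Proposal` struct are assumptions, not names from the Fractal codebase. It shows the NatSpec tag set (`@title`, `@notice`, `@dev`, `@param`, `@return`) on a contract, an event, custom errors and functions, and it makes each failure path an explicit revert so a unit test can assert on it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// @title Example proposal tally with full NatSpec documentation
/// @notice Added illustration only; not Fractal's or Azorius's code. The
///         contract, function and error names here are assumptions.
/// @dev Every externally reachable function carries @notice, @dev, @param
///      and @return tags, so `solc --userdoc --devdoc` emits a complete
///      description of purpose, parameters and return values.
contract ProposalTally {
    /// @notice Thrown when a vote arrives after a proposal's voting window closed.
    /// @param proposalId The proposal that was voted on.
    /// @param closedAt The timestamp at which voting ended.
    error VotingClosed(uint256 proposalId, uint256 closedAt);

    /// @notice Thrown when an address attempts to vote twice on one proposal.
    /// @param proposalId The proposal that was voted on.
    /// @param voter The address that already voted.
    error AlreadyVoted(uint256 proposalId, address voter);

    // Per-proposal state, packed into a single storage slot. Explicit field
    // names and widths keep static analyzers such as Slither from flagging
    // shadowing or uninitialized-storage patterns.
    struct Proposal {
        uint64 votingEnd; // unix timestamp after which votes are rejected
        uint96 yesVotes;
        uint96 noVotes;
    }

    mapping(uint256 => Proposal) private _proposals;
    mapping(uint256 => mapping(address => bool)) private _hasVoted;
    uint256 private _nextId;

    /// @notice Emitted when a proposal is opened for voting.
    /// @param proposalId Identifier of the new proposal.
    /// @param votingEnd Timestamp after which votes are rejected.
    event ProposalCreated(uint256 indexed proposalId, uint64 votingEnd);

    /// @notice Create a proposal whose voting window lasts `duration` seconds.
    /// @dev No access control here; a real governance module would gate this
    ///      behind the DAO's voting strategy. Left open only to keep the
    ///      example short.
    /// @param duration Length of the voting window in seconds.
    /// @return proposalId The identifier of the newly created proposal.
    function createProposal(uint64 duration) external returns (uint256 proposalId) {
        proposalId = _nextId++;
        // Checked arithmetic in 0.8.x reverts on overflow instead of wrapping.
        uint64 end = uint64(block.timestamp) + duration;
        _proposals[proposalId].votingEnd = end;
        emit ProposalCreated(proposalId, end);
    }

    /// @notice Cast a single yes/no vote on `proposalId`.
    /// @dev Reverts with VotingClosed after the window (an unknown id has
    ///      votingEnd == 0 and is therefore always closed) and with
    ///      AlreadyVoted on a repeat vote, so both failure modes are
    ///      explicit and unit-testable.
    /// @param proposalId The proposal to vote on.
    /// @param support True for a "yes" vote, false for "no".
    function vote(uint256 proposalId, bool support) external {
        Proposal storage p = _proposals[proposalId];
        if (block.timestamp > p.votingEnd) revert VotingClosed(proposalId, p.votingEnd);
        if (_hasVoted[proposalId][msg.sender]) revert AlreadyVoted(proposalId, msg.sender);
        // Effects are recorded before any further logic (checks-effects pattern).
        _hasVoted[proposalId][msg.sender] = true;
        if (support) {
            p.yesVotes += 1;
        } else {
            p.noVotes += 1;
        }
    }

    /// @notice Report the current tally for `proposalId`.
    /// @param proposalId The proposal to query.
    /// @return yes Number of "yes" votes recorded so far.
    /// @return no Number of "no" votes recorded so far.
    /// @return open True while the voting window is still open.
    function tally(uint256 proposalId) external view returns (uint96 yes, uint96 no, bool open) {
        Proposal storage p = _proposals[proposalId];
        return (p.yesVotes, p.noVotes, block.timestamp <= p.votingEnd);
    }
}
```

Running `slither .` in the project directory covers the static-analysis step, and `solc --userdoc --devdoc` on this file shows what the NatSpec tags produce. The two custom errors are what make the "unreachable function" style of coverage gap from the post avoidable here: every branch in `vote` can be driven from a test, so a coverage tool should report each line as hit.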
You can find the complete audit results here.
Throughout the auditing process, Halborn demonstrated exceptional knowledge and communication. We thank the team for their diligence and detail during this critical process for Fractal.
With the Halborn audit complete, we are excited to present Fractal to the decentralized world. The contracts are now deployed to Ethereum mainnet and will soon be on Polygon.
We’re on the verge of announcing our official release, complete with front-end support for building composable DAOs tailored to your preferences. Fractal was built to easily compose, govern, and scale DAOs securely. Join us on that mission today. Visit app.fractalframework.xyz to get started.