At Exactly Protocol, our top priority is ensuring the safety of the protocol and our users. This is why, since we launched the protocol on Ethereum Mainnet in November 2022, we have conducted several Smart Contracts audits and a Mathematical audit with top firms such as ABDK Consulting, Coinspect, Chainsafe, and Cryptecon.
To make our security even better, we have also introduced a Bug Bounty Program in partnership with Immunefi to incentivize hackers to identify and report bugs and security vulnerabilities in our Smart Contracts, helping us create a safer environment for our users.
New Audits
Last March, before launching our current OP Rewards Program, the Exactly Protocol’s Smart Contracts were audited for the 5th time by Coinspect. The Rewards Controller, the Smart Contract responsible for storing and allocating rewards to each user, has also been audited by Coinspect before being deployed in the protocol. In addition, the protocol was audited for the 2nd time by ABDK Consulting last April.
Coinspect Smart Contracts & Rewards Controller Audits
Protocol Smart Contracts Audit
Last January, we required Coinspect to perform a new source code review to evaluate the security of new commits on core Smart Contracts of the protocol. During this audit, they reviewed some changes in the Markets and the Interest Rate Model that modify how fixed and variable rates are computed.
As a result of this audit, Coinspect identified one low-risk and pointed out one informational issue. For more technical details, you can check the complete report of this audit at this link.
Rewards Controller Audit
The Rewards Controller is the Smart Contract designed to store and distribute rewards to accounts that interact with the Markets’ different variable and fixed pools included in the Rewards Program. It calculates the total amount of rewards to distribute and determines the allocation between the pools based on a dynamic distribution model.
On February 13, 2023, we engaged Coinspect to perform a source code review of the Rewards Controller contract to evaluate the security of the contract before being deployed on the protocol to distribute OP rewards. During the first stage of this audit, Coinspect reviewed the security of the Rewards Controller contract, identifying three low-risk and four informational issues.
The second part of this audit started on February 23, 2023. In this new report, Coinspect’s team has reviewed some changes in the contract as a result of the comments and issues found in the previous stage and new commits that our team has developed. As a result, the previously found two low-risk issues have been fixed.
The last audit stage started on March 23, 2023, and has been in charge of reviewing some changes introduced in the Rewards Controller. As a result, zero issues have been found.
The complete reports are available at the following links:
ABDK Audit
Last March, we engaged the services of ABDK Consulting, a leading audit firm, to conduct a general review of the Exactly’s Smarts Contracts structure, including critical/major bug detection and issuing general recommendations.
During this audit, the ABDK Consulting team identified 13 issues categorized as ‘Major’ and a few ‘Moderate’ and ‘Minor’ issues. Our technical team has successfully resolved and addressed all ‘Major’ issues. These issues primarily pertained to potential performance enhancements and rounding calculations, resulting in reduced gas costs for transactions once they were solved.
Additionally, we encountered moderate and minor issues that encompassed simplifying mathematical formulas, improving documentation accuracy, and enhancing overall readability, among other areas of slight improvement.
You can see the complete report of this audit at the following link.
Stay updated on Exactly Protocol’s progress by following us on Twitter and Mirror, and joining our active communities on Discord and Telegram.