The Customer is a large global Antares ecosystem that develops investment solutions to support the wealth growth of their clients. Their investment solutions always take advantage of the best DeFi technology can offer. One of their last De-Fi products is DeFi Antares Token (dANT), realized in ERC-20 smart contract.
Tasks And Challenges
The task was to conduct a security audit and provide a detailed audit report in tight deadlines for the dANT smart contract.
The analysis aimed to check the project on the following issues:
- logical errors
- code vulnerabilities
- developers' exit scams possibility
The project had a complicated business logic of about 10 entities. The final network included six smart contracts. Each of them contained a good number of files with code. To hit the deadlines, we needed to put maximum of our effort and engaged a huge part of our team into the auditing task.
Methods And Tools
The audit included the following tools and methods:
- Code review
- Test local Ethereum network
- Software-based static and dynamic source code analysis
- Own know-how for tracking smart contract transaction status
Based on the documentation the Customer provided, we analyzed the contract mathematics and carried out a comprehensive code security audit.
The key audit results are:
- No errors that affect the users' fund security were found
- No obvious signs of an exit scam were found
- No remarks or warnings were found either.
Based on analysis of provided code, Telescr.in verifies the dAnt contract security and performance.
Unlike many other projects we audited, this project was built highly professionally, both regarding its business logic, code, and documentation. Although there was a lot of code to analyze, working with it was very pleasant as the code was clean, consistent, and, thus, easy to read.
While we were auditing, they also reviewed the code. They even found one vulnerability and fix it before we came close to that part of the code.
Obviously, the customer takes seriously their contract security and performance.
(December 15 – December 22)
On December 15, we start auditing the code. As the code business logic was a bit comprehensive, it took us six days to complete the audit. So, on December 21 we were ready to provide a draft audit report. That was the deadline we scheduled initially with the Customer. And we successfully hit that deadline.
On December 22 the Customer’s developers deployed the final code version on the network. Accordingly, on December 22, we signed the report and provided it to the Customer.
In addition to the standard security report, the Customer ordered a video for the report. The deadlines here were not tight but not later the New Year’s Eve. We did our best to meet that requirement. So, on December 28, the video for the report was released.