Smart Contract Auditing
At Sayfer we verify every line of code while building a deep understanding of the architecture, following the newest SCSVS standard. In addition to common attacks and best practices, it is important to also understand your own business logic and the idea behind every functionality.
An auditor's mission is to understand the code, its goal, and what bad actors would do to take advantage of the contract's logic. The auditor uses automated tools and manual testing to perform a quality audit.
1inch
1inch is enhancing the efficiency of operations within the Layer 2 blockchain environment.
Given that operations with larger calldata tend to be more costly in Layer 2, the central focus is to reduce the size of the calldata. To accomplish this, a calldata compression strategy is employed; it primarily involves off-chain operations and uses a mechanism referred to as the DecompressorExtension, which allows the compressed calldata to be recovered.
Tezos
Tezos is an open-source platform that addresses key barriers facing blockchain adoption for assets and applications backed by a global community of validators, researchers, and builders. By design, Tezos embraces long-term upgradability, open participation, collaboration, and smart contract safety.
Tezos decided to create a Metamask Snap to integrate their blockchain with the streamlined UX of Metamask. Sayfer conducted the audit.
Polkadot
Polkadot is an open-source project founded by the Web3 Foundation.
Polkadot is built to connect private and consortium chains, public and permissionless networks, oracles, and future technologies that are yet to be created. Polkadot facilitates an internet where independent blockchains can exchange information and transactions in a trustless way via the Polkadot relay chain.
Sayfer conducted a security audit for Polkadot's Snap.
Sei Network
Sei is an open-source blockchain hosting a vibrant ecosystem of decentralized applications (dApps). Using proof-of-stake consensus and ground-breaking technologies like Twin Turbo Consensus and Parallelization, the Sei blockchain is the fastest chain in existence, giving users a web2-like experience with all the benefits of web3 decentralization.
CEX
We performed full grey-box penetration testing on the Centralized Exchange application and white-box security auditing of the Centralized Exchange business logic and code from a cryptocurrency point of view.
The most dangerous vulnerabilities we discovered were SQL injection and flaws in business logic.
The impact on the system is critical, as a malicious attacker could exploit some of these vulnerabilities to take advantage of the system, either by changing their user role to "super_user" via the SQL injection or by abusing the system and stealing money from the Centralized Exchange using the 30-second system update mechanism.
We suggested to Crypto Exchange a few possible mitigation strategies, including avoiding building SQL statements by string concatenation, using third-party custodian services to manage hot wallets and vaults, checking authorization on every request, and more.
Dusa - Network Auditing Report
Dusa is a 100% on-chain decentralized finance protocol; its particularity is that all of its infrastructure is entirely based on the blockchain (from the web application to the activation mechanisms of its autonomous trading orders).
Overall, Dusa is a well-built protocol. The fact that it is derived and translated from TraderJoe makes it a very solid protocol with a fairly common architecture that is nevertheless considered optimal. However, we did have a few recommendations which we feel could improve the quality and security of the protocol.
DIMO
DIMO (pronounced “Dee-Moe”) makes every car on earth smart and programmable. It’s an open platform built to connect every car on the planet and modernize the entire transportation industry. It opens access to vehicle data, connectivity, and commerce.