Liqwid v1 Security Audit: Code Review Complete
A critical milestone on the path to Liqwid mainnet, the code review phase of the external security audit is now complete. To ensure we have built the safest and most secure liquidity market protocol possible, we contracted Vacuumlabs to conduct an external security audit of the smart contracts. We previously worked with Vacuumlabs on the Agora v1 security audit, and once again we are deeply appreciative of their meticulous code review process.
Security audits help validate that core protocol components are built according to the technical specification. Any bugs discovered are communicated along with the auditor’s suggestion and patched in a code review flow that gives the auditors sufficient time to validate the bug fix as well as the surface area of changes introduced with it.
During the first phase of the audit, Vacuumlabs completed a technical design review of our protocol specifications and design mechanisms. Following the design review, the auditors conducted a deeper manual audit of the code and reported findings along with recommended fixes to the team in a rolling approach, allowing time for a proper remediation that they reviewed afterwards. Vacuumlabs utilized a manual code analysis process and looked exclusively at the on-chain validation code shared by the Liqwid core dev team, analyzing it for potential issues such as attacks and vulnerabilities that could be exploited, including denial of service, stealing of funds, double satisfaction, rounding errors, violating business requirements, token uniqueness attacks, faking timestamps, locking funds forever, unauthorized minting, and loss of ADA staking rewards.
The auditors discovered 25 issues (6 Critical, 2 Major, 5 Medium, 5 Minor and 7 Informational) in the Liqwid v1 protocol. Our core devs were able to fix the majority of these and get the fixes validated by the auditors in a timely fashion. The issues that have not been fully remediated by our core team are almost all minor and informational and have been acknowledged by our core developers. These issues will all be fixed as part of Liqwid v2, less the few that have been deemed out of scope.
Vacuumlabs is a technology leader in digital design and engineering, supporting companies in the fintech and blockchain industries. Vacuumlabs has worked on several Cardano wallets and has conducted multiple Cardano DAO and DeFi smart contract security audits.
To learn more about Vacuumlabs, visit the About page on their website.
Liqwid is a non-custodial liquidity market protocol built on Cardano. The protocol enables users to easily lend, borrow, and earn interest with their Cardano native assets while also earning ADA delegation rewards from liquid staking. Borrowers pay a variable interest rate on overcollateralized loans in the protocol while qToken holders (lenders) supply assets and earn interest via a continuously increasing qToken to underlying asset exchange rate.
Liqwid Labs' mission is to scale Cardano's adoption as a financial operating system through modularly built DAO and DeFi products. Our on-chain governance (Agora) and algorithmic money markets (Liqwid) protocols are built by Liqwid Labs and owned by the Liqwid DAO. Liqwid Labs aims to bring DeFi to local communities, leveraging Cardano’s research-driven and secure fundamentals to deliver equal economic agency to individuals around the world.