Skip to content

Latest commit

 

History

History

profile

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
verilog logo

awesome list badge

A curated list of awesome Verilog resources, information, audits, standards and more.


About Verilog Solutions

Founded by a group of cryptography researchers and smart contract engineers in North America, Verilog Solutions elevates the security standard for Web3 ecosystems by being a full-stack Web3 security firm covering smart contract security, consensus security, and operational security for Web3 projects.

Verilog Solutions team works closely with major ecosystems and Web3 projects and applies a quality above quantity approach with a continuous security model. Verilog Solutions onboards the best and most innovative projects and provides the best-in-class advisory service on security needs, including on-chain and off-chain components.


📁 Audit

| our engineering engagement with project teams

💼 WOOFi Swap Audit

Unlike popular Automated Market Making (AMM) or Proactive Market Making (PMM), WOOFi Swap’s Sythethetic Proactive Market Making (sPMM) is a brand new market-making algorithm that can successfully solve the slippage issue in Decentralized Exchange (DEX) by simulating order book structure in Centralized Exchange (CEX).

Title Audit Report Link Date
WOOFi Swap WOOFi Swap Audit Report October 17, 2021

💼 YuzuSwap Audit

One of the first DEX projects for the Emerald paratime on the Oasis Network. YuzuSwap is an AMM DEX with innovative trading incentive designs, such as the trading pool share token (TPST).

Title Audit Report Link Date
YuzuSwap DEX YuzuSwap Audit Report January 4, 2022
YuzuSwap Staking Contracts YuzuSwap Staking Contract Audit Report March 30, 2022

💼 Vesta Finance Audit

Vesta Finance is an Arbitrum-based lending protocol. Users can collateralize ETH and other supported assets to borrow $VST, which is Vesta Finance’s stablecoin. Vesta will support other collateral after the launch.

Title Audit Report Link Date
Vesta Finance Vesta Finance Audit Report January 30, 2022

💼 Fountain Protocol Audit

Fountain Protocol is one of the first Lending protocols on the Emerald Paratime of Oasis Network.

Title Audit Report Link Date
Fountain Protocol Fountain Protocol Audit Report February 18, 2022
Fountian Protocol Incremental Audit Fountain Protocol Incremental Audit Report April 12, 2022

💼 TGT Finance Audit

TGT Protocol is one of the first lending protocols and margin trading platforms on the Emerald Paratime of Oasis Network.

Title Audit Report Link Date
TGT Protocol TGT Audit Report February 24, 2022

💼 Ubeswap Audit

A mobile-first DeFi exchange on the Celo network. Ubeswap provides decentralized exchange and automated market marker protocol for Celo assets. Ubeswap is recently adding new features including limit order.

Title Audit Report Link Date
Ubeswap Ubeswap Audit Report March 20, 2022

💼 Gnosis Audit

GNO token is used in various GNO ecosystem products. GNO ecosystem includes various applications and infrastructure, such as Gnosis Auction, Gnosis Safe, and Gnosis Chain. Gnosis Beacon Chain is currently live and secured with GNO token, and the Gnosis Beacon Chain will merge with Gnosis Chain later.

Title Audit Report Link Date
GNO Token V2.0.0 GNO Token V2.0.0 Audit Report April 22, 2022

💼 BendDAO Audit

A decentralized peer-to-pool-based NFT liquidity protocol. Depositors provide ETH liquidity to the lending pool to earn interest, while borrowers can borrow ETH from the lending pool using NFTs as collateral.

Title Audit Report Link Date
Lending Protocol Lending Protocol Audit Report May 24, 2022
Liquidity Protocol Blue-chip NFT Liquidity Audit Report August 3, 2022
BendDAO ApeCoin Staking BendDAO ApeCoin Staking Audit Report Dec 15, 2022
ApCoin Vault ApeCoin Vault Audit Report Feb 15, 2023
NFT wrapper NFT wrapper Audit Report Feb 27, 2023
BendDAO ApeCoin Staking V2 BendDAO ApeCoin Audit Report May 25, 2023
BendDAO V2 Lending and Liquidity Protocol BendDAO V2 Audit Report June 4, 2024

💼 STEPN Audit

A Game-Fi/Social-Fi Web3 application. Users could acquire STEPN NFT sneakers and earn rewards by engaging in outdoor activities.

Title Audit Report Link Date
STEPN STEPN Audit Report June 3, 2022

💼 Untangled Finance

The Untangled Protocol is a decentralized lending and liquidity protocol for real-world asset collaterals. Below is a graph explaining the connections and relations between contracts. Additionally, there is some relevant information regarding the most important contracts and concepts:

Title Audit Report Link Date
Untangled Protocol Untangled Protocol Audit Report June 3, 2022
Untangled Finance Audit Untangled Finance Audit Report Oct 3, 2023
Untangled Finance V2 Audit Untangled Finance V2 Audit Report Apr 8, 2024

💼 Cronus Finance Audit

Cronus Finance is an AMM DEX deployed on the EVMOS ecosystem. A portion of Cronus Finance’s code is based on SushiSwap, which features liquidity mining rewards and governance token staking. It is worth noting that Cronus Finance also implemented new features such as a Stable Cronus Staking that converts LP fees into stablecoins and allows $sCRN holders to claim exchange fees denominated in stablecoins.

Title Audit Report Link Date
Cronus Finance Protocol Cronus Finance Audit Report June 15, 2022

💼 Hashgraph Name Protocol Audit

hashgraph.name is a distributed, open, and extensible naming system built on the Hedera Hashgraph.

Title Audit Report Link Date
Hashgraph Name Protocol Hashgraph Name Protocol Audit Report August 11, 2022

💼 Kolor Audit

Kolor’s protocol is a metaverse project that includes tokens, NFTs, and a marketplace system.

Title Audit Report Link Date
Kolor Protocol Kolor Protocol Audit Report August 19, 2022

💼 Celo Contracts Audit

This report presents our engineering engagement with the Celo dev team on the Celo contracts audit for Pull Request #9740. In this pull request review, the Celo team implemented 'OdisPayments.sol', which stores the balance to be used for ODIS quota calculation.

Title Audit Report Link Date
Celo Contracts Audit PR#9740 Celo Contracts Audit PR#9740 Audit Report August 29, 2022

💼 Pangolin Hedera Contracts Audit

Pangolin Hedera contracts contain two parts. The AMM DEX contracts and a treasury vesting contract. The AMM DEX contracts are on Uniswap V2 core contracts with support for Hedera native tokens. The treasury vesting contract distributes Pangolin’s Hedera native token PNG based on a 30-month vesting plan.

Title Audit Report Link Date
Pangolin Hedera Contracts Pangolin Hedera Contracts Audit Report September 2, 2022

💼 Spirals Audit

Spirals Protocol is a lightweight protocol that redirects block rewards to climate impact.

Title Audit Report Link Date
Spirals Spirals Audit Report September 12, 2022

💼 OpenMRV Audit

OpenMRV is a protocol that allows storing the summarized hashes produced by the provider’s input measurement data on the CELO network.

Title Audit Report Link Date
OpenMRV OpenMRV Audit Report September 16, 2022

💼 Thallo Audit

Thallo carbon credit bridge is a suite of smart contracts that enables the issuance (bridging), retirement, and unbridging of Voluntary Carbon Credits (VCCs) in the form of fungible ERC20s.

Title Audit Report Link Date
Thallo Thallo Audit Report October 7, 2022

💼 Fluidity Audit

Fluidity is a yield-generating protocol that rewards people for using their cryptocurrencies. Fluidity Money tokens (Fluid Assets) are a 1-to-1 wrapped asset that exposes holders to randomly paid rewards when they use their cryptocurrencies. Rewards are paid out according to a drawing mechanism held on each transaction of their Fluid Assets. These rewards are generated by the cumulative yield generated by the underlying asset, which is deposited and lent on money markets.

Title Audit Report Link Date
Fluidity Fluidity Audit Report October 26, 2022

💼 Mimic Finance Audit

Mimic is a platform that allows users to deploy tailored infrastructure to automate DeFi operations in a trustless and non-custodial way. Some examples of these operations are treasury management, index rebalancing, fee distribution, liquidity provision, etc.

Title Audit Report Link Date
Mimic Finance Mimic Finance Audit Report October 27, 2022

💼 Blue

BlueFi is a project that allows a new form of liquidity that embeds compliance-related functionality into assets. This protocol implements ERC20 wrapper tokens called SAFE Tokens that can only be traded by wallets that are KYC/AML verified. SAFE tokens are a novel innovation in liquidity infrastructure that allows KYC checks to take place inside of tokens by restricting the transfer functions to only be executed if both parties in the transaction pass this check.

Title Audit Report Link Date
Blue Blue Audit Report Nov 11, 2022
Blue v2 No Public Report July 27, 2023

💼 Pirex-GMX Audit

Pirex is a product by Redacted that creates liquid wrappers that allow for auto-compounding and the tokenization of future yield/vote events. Pirex-GMX aims to integrate GMX into Pirex by providing users with a way to tokenize their GMX, GLP, and esGMX tokens.

Title Audit Report Link Date
Pirex-GMX Pirex-GMX Audit Report Feb 03, 2023

💼 Mircochain Audit

One of the first DEX projects for the Fuel network, the modular & execution layer of Ethereum. Mircochain is an AMM DEX implemented in Sway Language.

Title Audit Report Link Date
Microchain Microchain Audit Report Jan 30, 2023

💼 Mento Audit

MultiCollateral-Mento or “McMint” is a generalization of the Mento system with the aim of allowing virtual pools between any mento stable asset and mento collateral asset to be traded under different pricing regimes.

Title Audit Report Link Date
Mento Mento Audit Report Feb 09, 2023

💼 Younergy Audit

Younergy Crypto is a protocol that scales solar-as-a-service with decentralized finance primitives embedded in decentralized energy systems. Younergy enables direct solar power funding while sharing revenue and minting the associated carbon credits to participants.

Title Audit Report Link Date
Younergy Younergy Audit Report Mar 21, 2023

💼 Celo Monorepo PR Audit

This report presents our engineering engagement with the Celo dev team on the celo-monorepo repository for 11 PRs from #9798 to #10159.

Title Audit Report Link Date
Celo Monorepo PR Audit Audit Celo Monorepo PR Audit Report Mar 09, 2023

💼 Celo staked-celo PR Audit

This report presents our engineering engagement with the Celo dev team on the staked-celo repository for 9 PRs from #72 to #120.

Title Audit Report Link Date
Celo staked-celo PR Audit Celo staked-celo PR Audit Report Mar 27, 2023

💼 Y2K Finance Audit

Y2K Finance is a suite of structured products designed for exotic peg derivatives, allowing market participants to robustly hedge or speculate on the risk of a particular pegged asset (or basket of pegged assets), deviating from their 'fair implied market value'.

Title Audit Report Link Date
Y2K Finance Audit Y2K Finance Audit Report Mar 17, 2023

💼 Poolshark Audit

Poolshark Range pool is a concentrated liquidity pool supporting both fungible and non-fungible positions. Non-fungible positions use ERC20 as position tokens which can be transferred and traded.

Title Audit Report Link Date
Poolshark Audit Poolshark Audit Report Apr 04, 2023

💼 Yama Finance Audit

Yama Finance is an omnichain CDP protocol. It is a system of smart contracts that work together to maintain the health of the Yama stablecoin.

Title Audit Report Link Date
Yama Finance Audit Yama Finance Audit Report Apr 18, 2023

💼 Ather Internal Audit

Security inspection on ather team's internal fund management tool.

Title Audit Report Link Date
Ather Audit No Public Report / Internal Audit Only July 26, 2023

💼 Cog Finance

Cog Finance is a lending protocol that uses different oracles, which was the scope of this audit, to determine if a borrower is solvent. This is done by updating the exchange rate between the collateral asset and the borrowed asset through the oracles.

Title Audit Report Link Date
Cog Finance Audit Cog Finance V1 Oracle Audit Report Aug 31, 2023

💼 U Protocol

The U Protocol is an Arbitrum-based lending protocol. Users can collateralize using wstETH to borrow $U, which is U’s stablecoin. The intention is for the U protocol to be launched in other layers 2s afterwards. A portion of the U’s code is based on Vesta Finance which is a fork of Liquity.

Title Audit Report Link Date
U Protocol Audit U Protocol Audit Report Aug 31, 2023

💼 Mantle Ecosystem

Mantle Network is a technology stack for scaling Ethereum, and we strive to be EVM-compatible while doing so. Being EVM-compatible means all the contracts and tools that work on Ethereum also work on Mantle Network with minimal modifications. Users can experiment with exciting web3 apps, and developers can deploy smart contracts in an efficient, low-fee environment.

Title Audit Report Link Date
Mantle L2 ERC20 Token Bridge Audit Mantle L2 ERC20 Token Bridge Audit Report Sep 28, 2023
Mantle MDI Quests Audit Mantle MDI Quests Audit Report Oct 10, 2023
Mantle LSP L2 Audit Mantle LSP L2 Audit Report Nov 21, 2023
Mantle Staking Hub Audit Mantle Staking Hub Audit Report Apr 3, 2024

💼 Redacted Hidden Hand Marionette Report

Marionette veNFT wrapper is an ERC721-based voting and reward management service, engineered to interface with various voting escrowed protocols seamlessly. The service offers bribe optimization, reward consolidation, automatic compounding functionality, and automatization of veNFTs functionalities, thereby improving user experience within these protocols.

Title Audit Report Link Date
Redacted Hidden Hand Marionette Audit Redacted Hidden Hand Marionette Audit Report Nov 10, 2023
Marionette Thena Adapter Audit Marionette Thena Adapter Audit Report Jan 22, 2024

💼 Sonorus ERC20 and Vester Contracts

Security review on Sonorus' ERC20 and Vester contract.

Title Audit Report Link Date
Sonorus ERC20 and Vester Audit Sonorus ERC20 and Vester Audit Report Dec 7, 2023

💼 DODO Stake Contract

Security review on DODO's TimeLock staking contract.

Title Audit Report Link Date
DODO Stake Contract Audit DODO Stake Contract Audit Report Apr 12, 2024

💼 Gemnify Audit

Gemnify is a decentralized derivative exchange tailored for pegged assets that aims to offer amplified leveraged trading and capital-efficient support for open interest.

Title Audit Report Link Date
Gemnify Audit Gemnify Audit Report Jun 13, 2024

💼 NETZ Audit

Security review on NETZ's liquidity pool contract.

Title Audit Report Link Date
NETZ Audit NETZ Audit Report Aug 12, 2024

📍 Severity Categories Standards

| smart contract risk categories

Severity Description
High Issues that are highly exploitable security vulnerabilities. It may cause direct loss of funds / permanent freezing of funds. All high severity issues should be resolved.
Medium Issues that are only exploitable under some conditions or with some privileged access to the system. Users’ yields/rewards/information is at risk. All medium severity issues should be resolved unless there is a clear reason not to.
Low Issues that are low risk. Not fixing those issues will not result in the failure of the system. A fix on low severity issues is recommended but subject to the clients’ decisions.
Informational Issues that pose no risk to the system and are related to the security best practices. Not fixing those issues will not result in the failure of the system. A fix on informational issues or adoption of those security best practices-related suggestions is recommended but subject to clients’ decision.

🚩 Status Categories

| smart contract risk categories

Status Description
Unresolved The issue is not acknowledged and not resolved.
Partially Resolved The issue has been partially resolved.
Acknowledged The Finding / Suggestion is acknowledged but not fixed / not implemented.
Resolved The issue has been sufficiently resolved

🏢 Official Channels

| Verilog's official channel list

Channels Link
Website https://www.verilog.solutions/
Twitter https://twitter.com/verilog_audit
Github https://github.com/Verilog-Solutions
Email [email protected]
Telegram BD Lead: https://t.me/dexchen

Disclaimer

Verilog Solutions receives compensation from one or more clients for performing the smart contract and auditing analysis contained in these reports. The report created is solely for Clients and published with their consent. As such, the scope of our audit is limited to a review of code, and only the code we note as being within the scope of our audit is detailed in this report. It is important to note that the Solidity code itself presents unique and unquantifiable risks since the Solidity language itself remains under current development and is subject to unknown risks and flaws. Our sole goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies. Thus, Verilog Solutions in no way claims any guarantee of the security or functionality of the technology we agree to analyze.

In addition, Verilog Solutions reports do not provide any indication of the technologies' proprietors, business, business model, or legal compliance. As such, reports do not provide investment advice and should not be used to make decisions about investment or involvement with any particular project. Verilog Solutions has the right to distribute the Report through other means, including via Verilog Solutions publications and other distributions. Verilog Solutions makes the reports available to parties other than the Clients (i.e., “third parties”) – on its website in hopes that it can help the blockchain ecosystem develop technical best practices in this rapidly evolving area of innovation.