Independent audits are a vital part of a secure, resilient smart contract system, which is why Yieldly is proud to announce the completion of another successful audit. This time, the independent audit was carried out by industry leader Runtime Verification Inc, a startup working closely with projects built on the Ethereum, Algorand, Tezos and Elrond ecosystems.
This is the second independent audit that Yieldly’s native smart contracts and blockchain infrastructure have undergone since earlier this year, with the last one being carried out by another world-class cybersecurity firm, Halborn. These two audits aim to ensure customer safety and security. By having a fresh set of eyes look at our work, we can further ensure a healthy application security program.
Runtime Verification Inc. applies formal methods to improve the safety, reliability, and correctness of computing systems for aerospace, automotive, and the blockchain. They have worked on embedded systems with clients such as NASA, Boeing and Toyota and, on blockchain projects such as Cosmos, Gnosis, IOHK, Maker, PlatON, Polkadot and Uniswap.
Audit Details
Yieldly team has been working for the past months to bring a set of products to the Algorand ecosystem and decided it was crucial to carry out a second audit to mitigate any potential risk and vulnerabilities in the code. This time around, Yieldly Finance engaged the services of Runtime Verification Inc. for a two-week time period to audit the lottery and the staking contracts, both part of the core smart contracts. Runtime Verification team reviewed the contracts’ business logic and the implementation in TEAL to identify any issues that could potentially cause the system to malfunction or be exploited.
The audit consisted of a manual code review where the contract source code was carefully examined to detect any unexpected behavior. On top of that, consistency between the logic and the low-level TEAL implementation was checked through constructing different high-level representations of the TEAL codebase. We are pleased to announce that our developers have addressed all the findings at the time of writing this blog post.
About Runtime Verification
Runtime Verification is an American startup with a global presence. The company uses formal methods to perform security audits on virtual machines and smart contracts on public blockchains. It also provides software testing, verification services and products to improve the safety, reliability, and correctness of software systems in the blockchain field.
Originally published at https://yieldly.finance on September 14, 2021.
