he HashEx team actively conducts smart contract auditing. She analyzed more than 150 contracts. Errors and shortcomings were found in some contracts. Investors could have lost $ 300 million, but they all turned to HashEx in time.
Polycrystal Finance has ordered HashEx services for auditing smart contracts. The work was completed in 4 days - from June 21 to June 25, 2021.
The purpose of the audit:
- To identify potential security problems.
- Check the logic that is the basis of the smart contract.
- Identify risks and how to improve security, how to eliminate problems.
- First, a short minimum delay was detected, which is an average danger. MINIMUM_DELAY has an installation for only 6 hours, which, according to experts, is not enough. In addition, the first change on the part of the administrator usually has no delay. It is recommended to set the minimum delay to 12 hours. polycrystal.finance works for 6 hours, as in some other companies to increase efficiency, but this can be a problem.
- CrystalToken: The mint() function is open to the owner, which is a low-risk problem. If there is a distribution of tokens, then MasterHealer must have the ownership right. Users need to verify ownership of the token before using it.
- Another problem with a low degree of danger is not using any piece of code. In this case, it is a BONUS MULTIPLIER with a value of 1. HashEx found several more problems of low severity.
Thus, the company has already carried out a large amount of work. The goals of the work are being set. Then, for several days, specialists are looking for some errors, some part of the code that stands out among other parts. The severity of the problem is analyzed and experts conclude how to fix the problem.
Important points about the audit
What should I pay attention to during the audit?
- The presence of an audit in a smart contract should not relax you. Carefully read everything that is written there. Maybe this is not an audit, but just a description of the marketing contract (tariffs and affiliate programs). And there is simply no full version of the audit. And the administrators of the contract are trying to deceive the client, sell him a plain text.
- The auditor should have an image – it should matter. Has he conducted contract reviews before? It is worth listening only to those auditors who have conducted inspections more than once. The audit should be not only on the contract website, but also on the auditor's website.
- What if the audit was forged? Imagine a situation: an auditor found a danger in a contract, the contract creator downloaded this audit, forged a file, deleted the lines about the danger and uploaded a new version to his website. To avoid this, auditors duplicate their audits to their websites (or channels).
HashEx is an excellent choice, even taking into account these criteria. The company fulfills all the conditions, so customers trust it. The best solution is to choose this company for audit work. Customer reviews indicate that the company works honestly from the very beginning