Golden Sentinel | SushiSwap completed the audit.The biggest risk is that the administrator's authority is not constrained by the community governance right

In recent days, the hottest liquidity mining DeFi project on Ethereum must be SushiSwap.

With the help of the incentive mechanism of distributing SUSHI tokens to liquidity providers, a large number of liquidity providers mortgaged Uniswap LP tokens to SushiSwap. In a short period of time, SushiSwap absorbed 70% of Uniswap's locked-up funds. Under such enthusiasm, the three major exchanges took the initiative to list SUSHI at the same time. This all happened without a contract audit being completed. Golden Finance reporters have previously reported on the introduction and mining tutorial of SushiSwap.

This is also the sword of Damocrite above SushiSwap's head. On September 3, the blockchain security company PeckShield announced the formal completion of the security audit of SushiSwap.

Golden Hot Search List: OKB tops the list: According to the Golden Finance ranking data, in the past 24 hours, OKB topped the list. The specific top five list is as follows: OKB, ADA, LTC, OK, XRP. [2020/11/14 20:49:27]

According to the report, the Paidun security audit found 13 potential problems, of which 2 were High, 3 were Medium, 6 were Low, and 2 were informational.

Golden Relativity | Coptis Gold: Consortium chains and public chains need tokens as incentives to improve the efficiency of clearing and settlement after transactions: In this issue of Golden Relativity, the respective advantages and applications of the coinless blockchain and the currency blockchain Scenario, Huang Lianjin, the founder of Nuclean and NULS technical consultant, said that generally, the research on the underlying technology of the blockchain is purely carried out, and no specific application scenarios are involved, and coins may not be needed. A private chain within a company may not need coins to be a blockchain. However, many application scenarios of coinless blockchain should be able to be solved with traditional distributed database technology. Most of the application scenarios of alliance chains and public chains require an incentive mechanism to bring together different parties or communities of interest, and require a native token or certificate to improve the efficiency of post-transaction clearing and settlement, and require Token economic model to support the ecosystem of blockchain application scenarios.

Some people say that the alliance chain does not need coins. In fact, most of the alliance chain projects have no incentive mechanism, and without a pass, it is a mess. The advantage of introducing tokens or certificates in the alliance chain is that the introduction of tokens or certificates in the decentralized or multi-centralized ecosystem of the alliance chain is equal to the introduction of a basic clearing, settlement and circulation mechanism. This can greatly reduce circulation and settlement costs. For example, developers can obtain tokens to develop the bottom layer of the alliance chain, service providers on the alliance chain system can pick up and send tokens as compensation, and service consumers can use tokens to consume. A consortium chain without tokens lacks native clearing and settlement and circulation units, and the formation of the entire ecosystem will be more difficult. [2018/9/29]

PeckShield security auditors believe that the overall design of SushiSwap code is relatively logical and rigorous, and there are two security risks with a high risk level. The biggest risk is that the administrator authority of the current contract is not restricted by the community governance right, but there is no serious threat to the security of user assets. systemic risk.

Jinse Finance live report Hainayun CTO Zou Jun: The difficulty of blockchain technology lies in how to make all nodes work in unison: Jinse Finance live report, at the 2018 Blockchain Technology and Application Summit, Hainayun CTO Zou Jun believes that blockchain The current limitation and difficulty of chain technology is to make all nodes work together in a distributed system. There are currently performance limitations, scalability limitations, ease of use limitations, compatibility cross-chain interconnection limitations, storage limitations, governance limitations, and software upgrade limitations in the blockchain. And other issues. [2018/3/31]

Pai Dun said that in SushiSwap, the governance contract (i.e. GovernorAlpha) plays a crucial role in governance role. Regulates system-wide operations (e.g., pool additions, reward adjustments, and migration settings). It also has the power to control or manage the lifecycle of proposals and make regulations regarding their submission, execution and revocation. With great privilege comes great responsibility. PieDun analysis shows that the governance contract does enjoy privileges, but it has not yet been deployed to manage the MasterChef contract, which is the core of SushiSwap.

To begin the audit, Piddon studied the smart contract source code and ran an internal static code analyzer through the code base. The goal is to statically identify known coding errors, as well as manually verify (reject or confirm) issues reported by the PieDun audit tool. Business logic is then further manually audited, system operations are checked, and DeFi-related parts are reviewed for possible pitfalls and/or errors.

Piedun said a series of potential issues had been identified: some involved unusual interactions between multiple contracts in subtle corner cases that might not have been thought of before while others had pointed out.

PieDun believes that, overall, the SushiSwap smart contract is well-designed, although it can be improved by addressing identified issues, including 2 high-risk level vulnerabilities, 3 medium-risk level vulnerabilities, 6 low-risk level vulnerabilities and 2 Information advice.

Paydun security audit report address:

https://github.com/peckshield/publications/blob/master/audit_reports/PeckShield-Audit-Report-SushiSwap-v1.0.pdf

Tags：

Binance APP