ChronoBank had 3 independent security audits
“The ChronoBank team has planned for different risks”
Mikko Ohtamaa
“No system is safe until proper verification tools exist — compiler errors are still common”
Nikolai Mushegian
“In general the contracts are well-written and follow good practices. The New Alchemy Team identified no critical bugs or vulnerabilities”
Peter Vessenes
The ChronoBank security team involved 3 independent security researchers to carry out a security and issues audit of the TIME and LH token smart contracts.
We received reasonably good marks, along with a set of very useful comments for future development and improvement. No serious issues have been found so far. Nevertheless, each report contains many remarks and recommendations. We want to stress that some recommendations will be addressed in future updates. Several recommendations have already been taken into account and fixed in the latest commits to the Smart Contracts repository. For users without a strong technical background who read the audit reports, we should also note that most of the remarks relate to architecture and design rather than to security itself. We held a meeting with our Smart Contracts developers and decided to decline most of them.
The most valuable point to make here is that this was our first audit experience. We already plan to have all our future developments security-audited, whenever we ship updates or extend features, to make our solutions as secure as possible.
Resolved remarks:
- Extended values checks
- Extended or reordered events
- Compiler version fix
- Modifier and function call chain fix
Remarks for future work:
- Improve LH Token business logic
- Improve update procedure
- Promote update algorithm
- Rethink recovery procedure
Declined remarks:
- Move LH Tokens Fee processing to external contract
- Error handling change (already reworked inside Solidity itself)
- Superfluous safety checks
Our auditors and reports:
Mikko Ohtamaa (TokenMarket)
An experienced smart contracts developer, security researcher and blockchain entrepreneur
blog article:
audit report:
https://github.com/ChronoBank/SmartContracts/issues/13
Peter Vessenes (New Alchemy)
The global blockchain and smart contracts expert who first drew attention to the vulnerability in The DAO
blog article:
audit report:
https://www.dropbox.com/s/hhgueb4wru5ytb0/ChronobankAudit.draft.pdf
Nikolai Mushegian (MakerDAO)
The security researcher who saved MakerDAO from the same fate as The DAO
blog article:
https://blog.chronobank.io/makerdao-saviour-nikolai-mushegian-to-audit-chronobank-bc4feb2184b5
audit report:
https://github.com/ChronoBank/chronobank-review/blob/master/review.md