Posted on February 1, 2023 by Melissa Baber
Posted in Audits
Runtime Verification is pleased to announce the completion of the AshSwap audit. AshSwap is a platform built on the MultiversX blockchain that allows users to swap their stablecoins and to stake them to obtain liquidity pool tokens, which entitle users to a portion of the fees from operations performed on the protocol.
The AshSwap protocol offers users several benefits for staking. Users who stake in the protocol gain liquidity tokens, which can be used to enter AshSwap’s yield farms. Users are rewarded with the platform’s ESDTs, the ASH token, by participating in these farms. These tokens, in turn, can be committed to a voting escrow for up to 4 years, and by providing their tokens, users are awarded voting rights and power in the protocol's governance.
Another benefit of committing their ASH is that users can boost yields in the platform’s yield farm, meaning that the greater the voting power of a user, the higher the rewards obtained from the platform’s yield farm.
The audit scope included the entirety of the protocol's on-chain smart contracts -
The audit scope is limited to the Rust source code of the on-chain smart contracts. The native MultiversX libraries used in the protocol, tests, deployment scripts, and any off-chain related code were outside the scope of the audit. A detailed list of all the contracts, libraries, and interfaces audited can be found in the report.
Runtime Verification conducted a manual code review for a period of 8 weeks, and delivered a detailed report on January 11th, 2023.
The first step of the audit process consisted of a thorough review of the business logic of the protocol. To this end, a high-level abstraction of the logic was created to understand it better. During this process, rounds of discussions with the AshSwap team took place concerning the implementation.
Next, an initial review of the code took place. For this step, a more high-level approach was used to understand how the code implemented the desired features of the protocol. During this phase, the implementation of the protocol was cross-checked against the description of the features provided by the AshSwap team to ensure that all desired behaviors were implemented correctly and that no additional, undesired behaviors were present.
Finally, a detailed review of specific operations of the code took place. Specifically, close attention was given to complex mathematical operations performed by the protocol to ensure they functioned as expected.
The audit identified some issues along with some informative findings. Although a formal review of code fixes was outside the scope of the audit, a best-effort review was conducted on some of the code changes.
Readers interested in a more detailed and technical explanation of the findings can review the full report in our GitHub repository.
AshSwap is the first decentralized exchange built on the MultiversX blockchain that allows users to trade between stable assets with high volume and small slippage. As Elrond grows to become the infrastructure of DeFi, more types of stablecoins will flow in, and users will need a place to swap them.
Runtime Verification is a technology startup based in Champaign-Urbana, Illinois. The company uses formal methods to perform security audits on virtual machines and smart contracts on public blockchains. It also provides software testing, verification services, and products to improve the safety, reliability, and correctness of software systems in the blockchain field.