Posted on November 1, 2022 by Melissa Baber
Posted in Audits
Runtime Verification is pleased to announce the Hatom smart contract audit completion. Hatom is a decentralized lending protocol built on the Elrond Blockchain. It is a complete money market ecosystem that allows users to lend, borrow and stake their crypto assets at competitive interest rates.
With the Hatom protocol, users can lend or borrow crypto assets in the Elrond ecosystem. Lenders can deposit tokens into the lending pool and gain corresponding HTokens, which accrue interest from the asset borrowers. Likewise, borrowers are able to borrow in an over-collateralized manner.
The protocol allows for governance participation through its native Hatom token, and gives token holders the ability to stake their Hatom tokens to earn a share of the generated income.
The audit scope included the entirety of the protocol’s on-chain libraries and smart contracts. In the protocol, smart contracts are grouped into modules, and the scope of the audit included modules responsible for the following operations:
The audit scope is limited to the Rust source code of the on-chain modules and smart contracts and excludes any deployment and upgrade scripts, off-chain codebase, and client-side portions of the codebase. A detailed list of all the contracts, libraries and interfaces audited can be found in the report.
Runtime Verification conducted a manual code review for a period of 8 weeks and delivered a detailed report on October 19th, 2022.
The first step of the audit process consisted of gaining a better understanding of the protocol’s use cases, as well as the business model of the Hatom protocol, based on a set of inputs and documentation provided by the Hatom team. In this step, RV auditors took special care to analyze the interactions between endpoints to ensure that all the use cases are covered by the endpoints of the protocol.
In the second step, the functional correctness of each endpoint was reviewed against the public documentation and the white paper. This step focused on rounding error analysis and checking that the interest rate and staking rewards were computed correctly.
Then, the critical properties of each module were identified and verified to hold in the protocol. During this step, Runtime Verification and the Hatom team worked to implement upgrades to the oracle module to prevent the protocol from experiencing a price manipulation attack.
Finally, the protocol was reviewed against known security vulnerabilities for similar protocols to ensure that it would not be at risk for such attacks.
The audit identified and highlighted some issues along with some informative findings. Runtime Verification worked with the Hatom team to review a number of fixes to the code and incorporate them into the smart contracts, and assisted with optimizations and improvements to the oracle module.
Readers interested in a more detailed and technical explanation of the findings can go over the full report in our GitHub repository.
Hatom Labs is a technology company based in Liechtenstein dedicated to developing the Hatom ecosystem and its associated projects. The company supports development teams in creating and sustaining meaningful initiatives within the Hatom ecosystem. It is the parent company of Hatom Protocol, the first and only complete decentralized lending protocol built on the Elrond Blockchain.
Runtime Verification is a technology startup based in Champaign-Urbana, Illinois. The company uses formal methods to perform security audits on virtual machines and smart contracts on public blockchains. It also provides software testing, verification services and products to improve the safety, reliability, and correctness of software systems in the blockchain field.