AlloyX audit report
Project Information
CATEGORY
Smart Contracts
NETWORK
Ethereum
WEBSITE
https://www.alloyx.xyz
DESCRIPTION
From July 13 to July 29, AlloyX engaged Veridise to review the security of their AlloyX Decentralized Autonomous Organization (DAO), a liquid staking protocol running on top of the Ethereum blockchain. The audit covered the Solidity smart contracts that the protocol consists of, which included implementations of the DURA and CRWN tokens defined by the protocol, “desk” contracts for interacting between the AlloyX DAO and third-party protocols (such as the Goldfinch lending protocol), and a few internal AlloyX DAO contracts for whitelisting users and tracking staking rewards. Veridise conducted this assessment over 10 person-weeks, with 5 engineers working on code. The auditing strategy involved tool-assisted analysis of the source code performed by Veridise engineers. The tools used in the audit included a combination of static analysis and formal verification.
Audit Report
SCOPE
To understand the scope of the audit, we first reviewed the documentation shared by the AlloyX developers, including the online documentation and whitepaper. AlloyX’s GoldfinchDesk contract interacts heavily with Goldfinch’s contracts, so we also looked at some of the relevant Goldfinch contracts and the Goldfinch whitepaper. Afterwards, we carefully reviewed the AlloyX code for bugs and security issues. As AlloyX fixed bugs in response to our findings, we also reviewed any of the fixes they made to check that they did not introduce additional issues.