Vantage Point completes the second official Folks Finance protocol audit.
The team has engaged Vantage Point to conduct a security audit of Folks Finance’s smart contract to identify security vulnerabilities, weaknesses, and any instances of non-compliance with best practices within the smart contract. An addition to the first completed in early February by Runtime Verification.
The security smart contract review included analysis of key protocol documents:
- Economic Model
- Protocol Overview
- Technical Design
This process was followed by the timely analysis of the PyTeal code.
Testing began on January 17, 2022, and was completed on February 16, 2022.
Vantage Point performed the review by first understanding the high-level business logic of the Folks Finance protocol and the interaction between the various smart contracts outlined in the provided documents and then understanding the potential issues, discrepancies, and defects within the smart contract logic through real-time communication with the Folks Finance team. A PyTeal code review on the provided code was completed to identify issues and non-compliance to Algorand’s best practices.
The code audit did not identify critical issues. Only two errors of medium severity were found, one of which was already resolved during the Runtime audit, and one of low severity accompanied by some observations; these issues and concerns were promptly resolved by Folks Finance developers. After the corrections, the code received a smart contract review retest by the auditor.
The fully detailed Vantage Point Audit Report is publicly available on the company GitHub.
Folks Finance CTO, Gidon Katten, commented as follows:
“Since the inception of this protocol, we have put security at the core; the conclusion of a second audit is a reconfirmation of that commitment. Our team is delighted to have collaborated with Vantage Point and looks forward to continuing our partnership in the future. ”
Vantage Point Security Group, Chief Hacking Officer, Paul Craig, commented as follows:
“VP reviewed the Folks Finance contracts from a purely white-box perspective with no stone left unturned or question unanswered. The contracts provided had detailed documentation and well-structured and correctly formed code, this is evidence of a mature development team who has spent time architecting and planning the codebase before development. Findings raised were indictive of trivial human-made mistakes and did not raise any critical level of risk nor are they uncommon to be found. Folks Finance is among the most mature contracts VP has reviewed on the Algorand blockchain.”
About Vantage Point
Founded in Singapore in 2014, Vantage Point Security is recognized for technical excellence in providing comprehensive security testing services to banking, finance, and fortune 500 enterprises. They have a proven track record in next-generation technologies such as serverless, cloud, mobile and blockchain and work with 7 out of 10 of the largest financial service providers in SE Asia.