DeFi Smart Contract Security Audit

Systematically analysing and evaluating the risks associated with DeFi projects

Why Get Your Project A Diligence By QuillAudits

Having due diligence done by a competent firm is a must-have for any project, and with the expertise of QuillAudits it will be done flawlessly. Our DeFi due diligence process is based on a comprehensive approach: we investigate the code for security flaws and potential vulnerabilities and identify the best possible ways to mitigate them.


Why DeFi Due Diligence?

While interacting with DeFi protocols, users' and investors' funds are exposed to the risk of theft. Due diligence on a DeFi project is one of the crucial steps in analysing a DeFi protocol before using it.
There is a steep rise in DeFi-related scams and in cryptocurrency being stolen; a thorough analysis of a DeFi project can help avert them. Investigating a DeFi project, including tracing the movement of funds from address to address, can protect users and investors from fraudulent activity in a DeFi ecosystem that is vulnerable and should be approached cautiously.


Risks associated with the DeFi Ecosystem

QuillAudits acknowledges the significant threats linked to the DeFi ecosystem, which can have critical consequences.
We identify the ways in which the system is susceptible to being gamed or abused, which parts are exposed to centralisation risks such as the point of interaction with oracles, and which governance mechanisms in place could pose a threat to investor funds.

Coding Risk

Given the complex nature of DeFi protocols, it is not surprising that their code contains errors which give malicious parties an attack vector through which to steal funds. One such attack was on the DeFi protocol SushiSwap, which was exploited for between $10,000 and $15,000.

Centralization Risk

Oracles are a possible source of systemic risk, and their data-feeding role is prone to manipulation. Where a protocol relies on a single source of data, the risk is that it is trivial for a malicious party to take control of that source and manipulate the market to their profit.

Financial Risk

DeFi protocols are based on public blockchains. These blockchains typically have a native digital asset. The price performance of the supporting blockchain's asset is likely to affect the value of the holdings locked in a DeFi protocol. While this may lead to profit, it is also possible that there are losses.

Regulatory Risk

Unfortunately, due to a combination of factors, such as a lack of understanding and the complexities of the technology, some regulators and jurisdictions are not in favour of the DeFi space. Fortunately, this issue is likely to be alleviated with time.

NECESSARY

Benefits of DeFi Due Diligence

Intrinsic Risks

Risk mechanisms that are, by default, incorporated into a protocol's design are referred to as intrinsic protocol risk. Even if the protocol functions as it should, they pose significant dangers to investment plans. With DeFi due diligence, risks ranging from centralised counterparties to a protocol's programmable mechanics can be mitigated.

Extrinsic Risks

Attacks such as oracle manipulations, flash loan exploits or attacks exploiting contract logic bugs are extrinsic risks associated with DeFi protocols. Thorough analysis helps in identifying whether or not the protocol you are dealing with has been audited by a trustworthy firm.

Blockchain Risks

DeFi protocols depend on the blockchain infrastructure on which they are built. A compromise of a blockchain's core parameters, such as its consensus mechanism, can lead to vulnerabilities in the DeFi projects running on that platform. We check how dependent these protocols are on their underlying blockchains.

Marketplace Risks

If the asset price changes significantly from when the liquidity was delivered to the pool, investors in non-stablecoin AMM pools may experience losses. We analyse traditional market risk elements such as volatility and price manipulation that can impact investors' funds.

THE POSITIVES

What Should One Look For While Carrying out DeFi Due Diligence?

White Paper

You should be cautious if a white paper only briefly summarises a protocol without detailed information on how the protocol works. If a project fails to explain its mechanism, it should be considered a red flag.

Documentation

The documentation tells users how to interact with the protocol. Verifying that the documentation is original is one way to spot potential scams, as a good project has its documentation written by the project team itself.

Team

It's often not a good sign when team members only post about and hype up the token for their project. A successful project team concentrates on the result, which is the protocol itself rather than the token.

Tokenomics

Projects that allocate a sizable portion of the token supply to insiders and project team members should be approached cautiously. Tokenomics helps in understanding the economic condition of the protocol.

Process

How we Process


THE DETAILS

Our Smart Contract Security Blueprint


A Comprehensive Look at Hacks and Scams in Web3

Each year, millions are drained by crypto hacks. Here are a few examples of how hackers took advantage of loopholes in the code to escape with millions:

In March 2022, $615M were stolen from Ronin Network, a platform powering the popular mobile game Axie Infinity.

In August 2021, the criminals transferred $611M-worth of Poly Network tokens to three wallets they controlled.

In September 2020, $275M worth of cryptocurrency was stolen from the Singapore-headquartered exchange KuCoin.

[Chart: Top ten biggest cryptocurrency thefts by estimated losses as of June 2022. Values calculated according to cryptocurrency prices at the time of the theft. Source: Statista/Bloomberg, Business Insider, TechCrunch, CNBC, Ronin Network, Vice.]

Curious about the most common types of vulnerabilities and attack vectors in the Web3 space? Our Hackerboard can help you stay informed.

PORTFOLIO

Latest Work

Therapoid Smart Contract Audit Report

TheRugGame Smart Contract Audit Report

Bored & Lucky Smart Contract Audit Report

PixelWar Smart Contract Audit Report

PROOF OF CAPABILITIES

Why QuillAudits

850+
Audits Completed

$30B
Secured

800k
Lines of Code Audited

5+
Years of Experience

TESTIMONIALS

What our Clients are saying

Very professional and timed delivery. Also very prompt in responses and queries.


Vishnu Korde

CEO, StackOS

The team is very supportive and they were able to work as per our requirements.

MUDIT MARDA

CO FOUNDER AND CTO, DRIFE

QuillAudits did a great job with our audit, was very professional and provided quick service.

PUSHKAR VOHRA

CEO, PANDORA FINANCE

QuillAudits provided security enhancements for Polygon projects, earning positive feedback for their prompt and high-quality service as an auditing partner.


CORE TEAM

POLYGONDAO

FAQ

Frequently Asked Questions

Visit our FAQs help centre to clear up any doubts or queries you may have regarding us and our services, or reach out to us directly on Telegram.

What is DeFi Diligence?
DeFi Due Diligence is the methodical examination of a DeFi protocol to analyse the risks associated with it. It is a systematic way to identify the ways in which the system is prone to threats. It helps users and investors identify which parts of a DeFi project are exposed to risks that could potentially threaten their funds.
What issues can be identified during DeFi Diligence?
Why is DeFi Diligence Important?

Trusted by 850+ Web3 Products


NEWSLETTER

Security First Newsletter by QuillAudits

DeFi & NFT hacks, CTFs and blockchain security insights straight to your inbox. Explore our weekly newsletter, HashingBits. Stay updated on everything we're publishing. Stay a step ahead.