Paribus 2nd Smart Contract Audit
Paribus 2nd smart contract audit was conducted by Hacken, the leading Security Consulting Company with an essential focus on blockchain security.
The Paribus Protocol is an Ethereum smart contract for supplying or borrowing assets. Through the pToken contracts, accounts on the blockchain supply capital (Ether or ERC-20 tokens) to receive pTokens or borrow assets from the protocol (holding other assets as collateral). Additionally, the Paribus pToken contracts track these balances and algorithmically set interest rates for borrowers.
The core contracts in the Paribus Protocol
- PToken, PErc20, and PEther — the Paribus pTokens, self-contained borrowing and lending contracts. PToken contains the core logic, and PErc20 and PEther add public interfaces for ERC-20 tokens and Ether, respectively. Each PToken is assigned an interest rate and risk model and allows accounts to mint (supply capital), redeem (withdraw capital), borrow, and repay a borrow. In addition, each PToken is an ERC-20 compliant token where balances represent ownership of the market.
- Comptroller — the risk model contract, which validates permissible user actions and disallows actions if they do not fit certain risk parameters. For instance, the Comptroller enforces that each borrowing user must maintain a sufficient collateral balance across all pTokens.
- Paribus (PBX) — the Paribus Governance Token.
- InterestRateModel — contracts that define interest rate models. These models algorithmically determine interest rates based on the current utilization of a given market (that is, how much of the supplied assets are liquid versus borrowed).
- WhitePaperInterestRateModel — initial interest rate model, as defined in the Whitepaper. This contract accepts a base rate and slope parameter in its constructor.
Audit findings
- Critical — No critical severity issues; it's safe.
- High — No high severity issues; it's safe.
- Medium
1. Unfinished code
TODO comments in the code. This indicates that the code is not yet complete.
Contracts: Liquidator.sol, Comptroller.sol, Reservoir.sol, ChainlinkPriceOracle.sol
Recommendation: complete the code to meet all the requirements and delete the TODO comments.
Status: Reported
2. The code does not consider all cases
The decimal normalization in the getUnderlyingPrice function works correctly only if the underlying decimal is 18 and priceDecimals is less than or equal to 18. The function may not work properly in some cases.
Contract: ChainlinkPriceOracle.sol
Function: getUnderlyingPrice
Recommendation: change decimals normalization to a more general one that works properly with any decimals values.
Status: Fixed (Revised commit: d6e8335)
- Low — No low severity issues; it's safe.
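To make Medium finding 2 concrete, the following added example (not code from Paribus or from the Hacken report) models the integer arithmetic of a price normalizer in Python. It assumes the Compound-style convention that the oracle returns a price scaled by 10**(36 - underlyingDecimals); the function names and feed values are constructed for illustration.

```python
# Added illustration, not Paribus code. Python ints model Solidity uint256 math.

# Assumption: the oracle must return the USD price scaled by
# 10**(36 - underlyingDecimals), so that amount * price // 10**18 yields a
# USD value with 18 decimals (the Compound-style convention).
PRICE_EXP = 36
VALUE_SCALE = 10**18


def normalize_narrow(answer: int, price_decimals: int) -> int:
    """Constructed narrow normalizer: hard-codes 18 underlying decimals."""
    if price_decimals > 18:
        # In Solidity >= 0.8 the subtraction 18 - priceDecimals would revert.
        raise ArithmeticError("underflow: priceDecimals > 18")
    return answer * 10 ** (18 - price_decimals)


def normalize_general(answer: int, price_decimals: int, underlying_decimals: int) -> int:
    """Scale a feed answer to 10**(36 - underlying_decimals) for any decimals."""
    if answer <= 0:
        raise ValueError("non-positive feed answer")
    if underlying_decimals > PRICE_EXP:
        raise ValueError("underlying decimals exceed supported range")
    exp = PRICE_EXP - underlying_decimals - price_decimals
    if exp >= 0:
        return answer * 10**exp
    return answer // 10 ** (-exp)  # scale down; truncates like Solidity division


def usd_value(amount_units: int, price: int) -> int:
    """USD value (18 decimals) of an amount given in the token's smallest units."""
    return amount_units * price // VALUE_SCALE


def demo() -> dict:
    feed_1_usd = 1 * 10**8  # constructed feed answer: $1.00 with 8 decimals
    one_token_6dec = 10**6  # one whole token that uses 6 decimals
    return {
        "narrow_6dec": usd_value(one_token_6dec, normalize_narrow(feed_1_usd, 8)),
        "general_6dec": usd_value(one_token_6dec, normalize_general(feed_1_usd, 8, 6)),
        "general_18dec": usd_value(10**18, normalize_general(feed_1_usd, 8, 18)),
        "general_feed20": normalize_general(10**20, 20, 18),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Under these assumptions the narrow form values one 6-decimal token at 10**6 instead of 10**18, a factor of 10**12 too low, which is the kind of mispricing that would distort collateral checks.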
The smart contracts given for audit have been analyzed in accordance with the best industry practices at the date of this report, in relation to cybersecurity vulnerabilities and issues in smart contract source code, the details of which are disclosed in this report (Source Code); the Source Code compilation, deployment, and functionality (performing the intended functions).
MVP Testnet: Practice Makes Perfect
Paribus is excited to share with its community some important developments surrounding the Paribus Minimum Viable Product (MVP). As they explained last week, the current market conditions have given them the opportunity to test the MVP prior to its full public launch.
They had hoped to be able to whitelist wallet addresses from the staking program as a means of accessing the testnet version of the MVP, but this has proved to be impractical at the code level. Instead, they’re asking anyone who participated or is still participating in the staking program to complete the following form to gain testnet access.
In addition to allowing stakers access to the testnet, they’re also allowing anyone who applied to the Paribus Ambassador Program to take part. In addition, they’ve decided to include access to anyone who has a genuine interest in our project and has applied to be a Paribus Ambassador.
Once the MVP is ready on the testnet, participants will need to connect their email address with the protocol via the website.
AUDIT REPORT RESULT
While using this version of the platform, testnet tokens will be distributed for testing the MVP. These testnet tokens work in exactly the same way as normal tokens would; however, they’re only usable within the testnet environment. As a result, you don’t have to pay or exchange regular tokens for testnet tokens; they’re simply dummy versions of cryptocurrencies, with no intrinsic monetary value.
Message from Paribus team
“The main goal of this initial testnet is to get a deeper understanding of how our UI is received by our community. We will be interested in how intuitive the platform navigation feels to the participants. Listening to community feedback will help us iterate in the most efficient way possible.”— Simon, Paribus CTO
Furthermore, being able to run through all aspects of borrowing and lending crypto on the testnet will create a diverse range of user experiences that many would otherwise be unable to experience.
“The initial audit report that we received showed a few items that needed our attention. This is exactly why we spent the time and resources on these security measures. All relevant recommendations have been resolved, and the second review from Hacken verified that our code is very secure. Our community can rest easy knowing that we are fully committed to the utmost diligence when securing the safety of our protocol.”— Deniz, Paribus CEO
Additionally, the other exciting piece of news they’re able to share is that they have published the result of the security audit. Hacken has done a wonderful job in testing the Paribus code. Due to the incredible talents of its dev team, Paribus has some small changes to make.
ABOUT Paribus
Paribus is the protocol that brings all of these forces together. It also offers DeFi holders and investors a platform to extend the reach of their digital assets, putting them in a position to double down on their earning power.
ABOUT Hacken
Hacken is the leading Security Consulting Company with an essential focus on blockchain security.