Monerium is a financial technology company with the mission of making digital currency accessible, secure, and simple to transact. Monerium is an industry leader in compliant e-money solutions regulated in Iceland.

The smart contracts had previously been audited with a total allocation of 12 engineering days between June 15 and July 4, 2023. The previous Monerium audit summary covers Revisions 1.0, 1.1, and 1.2. This audit summary focuses on the methodology, findings and recommendations of Revisions 2.0 and 2.1.

Revision 2.0

Monerium engaged Ackee Blockchain to perform an additional security review of the Monerium smart contracts (Revisions 2.0 and 2.1) for a total of 4 engineering days between February 20 and February 27, 2024.

Revision 2.1

The fix review was performed on commit 34c846c. The issues W9, I7, I8, I9, and I10 were fixed according to our recommendations. Warnings W7 and W8 and Info I11 were acknowledged.

METHODOLOGY

Revision 2.0
We began our review by running the Wake static analyzer. Then we performed a manual code review with a particular focus on:

  • validating ERC-2612 implementation,
  • signature refactor of the burn function and revised flow,
  • detection of common problems, including data validation issues,
  • compliance with best practices.

Revision 2.1

In revision 2.1, we manually reviewed the changes made to the contracts and the fixes of the issues found in the previous review.

SCOPE

The scope of the audit was the difference between the previous Monerium audit commit 40c7c17 and the commit b0cd16d tagged as “v1.2.0”. The changes were audited in a broader context, including a revision of all involved components.

Revision 2.0: The audit was performed on the commit b0cd16d.

Revision 2.1: The fix review was performed on the commit 34c846c.


FINDINGS

Here we present our findings.

Critical severity

No critical severity issues were found. 

High severity

No high severity issues were found. 

Medium severity

No medium severity issues were found. 

Low severity

No low severity issues were found. 

Warning severity

W7: Missing event.

W8: Unchecked return values.

W9: Dead code.

Information severity

I7: Duplicated hash string.

I8: Unused imports.

I9: Commented-out code.

I10: Interface organization.

I11: Typos.

CONCLUSION

Revision 2.0 resulted in 8 findings, ranging from Informational to Warning severity. 

W7 and W8 relate to events and data validation. W9, I8 and the unused constant in I7 were discovered with the Wake static analyzer. Most of the findings concern code quality.


Ackee Blockchain recommends Monerium to:

  • ensure return values are always validated,
  • emit an event after every contract state change,
  • remove unused code from the codebase,
  • address all other reported issues,
  • use the Tools for Solidity (Wake) VS Code extension for static analysis during development (it would have identified W9, I8, and partly I7).
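To make the first two recommendations concrete, the following hypothetical Solidity contracts are an added illustration and not code from Monerium’s contracts or from the audit report. The contract names, the `IERC20` interface, the admin role and the event names are assumptions chosen for the example; the first contract shows the patterns W8 (unchecked return value) and W7 (missing event) describe, the second shows the corrected form.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed for the example (assumed interface for
// illustration; not Monerium's code).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical treasury contract showing the two weak patterns.
contract TreasuryUnchecked {
    address public admin;

    constructor() {
        admin = msg.sender;
    }

    // W8 pattern: the boolean returned by transfer() is dropped. A token that
    // signals failure by returning false instead of reverting leaves this
    // call silently failed while the caller proceeds as if it succeeded.
    function payOutUnchecked(IERC20 token, address to, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        token.transfer(to, amount);
    }

    // W7 pattern: a privileged state change without an event, so off-chain
    // monitoring cannot observe the admin handover.
    function setAdminSilent(address newAdmin) external {
        require(msg.sender == admin, "not admin");
        admin = newAdmin;
    }
}

// Same contract with the return value validated and events emitted after
// every state change.
contract TreasuryChecked {
    address public admin;

    event AdminChanged(address indexed previousAdmin, address indexed newAdmin);
    event PaidOut(address indexed token, address indexed to, uint256 amount);

    constructor() {
        admin = msg.sender;
    }

    function payOut(IERC20 token, address to, uint256 amount) external {
        require(msg.sender == admin, "not admin");
        // Validate the token's return value and revert on failure.
        bool ok = token.transfer(to, amount);
        require(ok, "transfer failed");
        emit PaidOut(address(token), to, amount);
    }

    function setAdmin(address newAdmin) external {
        require(msg.sender == admin, "not admin");
        require(newAdmin != address(0), "zero admin");
        address previous = admin;
        admin = newAdmin;
        emit AdminChanged(previous, newAdmin);
    }
}
```

One caveat for the checked form: some widely used tokens return no value from `transfer` at all, in which case decoding a `bool` reverts even on success. A library such as OpenZeppelin’s SafeERC20 handles both token styles (it treats an empty return as success and a returned `false` as failure), which is why validating return values is usually done through such a wrapper rather than by hand.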


Of the 8 findings, Monerium fixed 5 and acknowledged 3 with relevant comments.


Ackee Blockchain’s full Monerium audit report with a more detailed description of all findings and recommendations can be found here.


We were delighted to audit Monerium and look forward to working with them again.