{"id":371,"date":"2022-09-26T12:00:05","date_gmt":"2022-09-26T10:00:05","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=371"},"modified":"2025-02-19T14:16:45","modified_gmt":"2025-02-19T12:16:45","slug":"zunami-uzd-audit-summary","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/zunami-uzd-audit-summary\/","title":{"rendered":"Zunami: UZD Audit Summary"},"content":{"rendered":"

Update (18th August 2023)<\/em>: this audit report was performed on commit 53dc20a<\/code>. The hack<\/a> was performed by a donation (price manipulation) into strategy MimCurveStakeDAO (step 3<\/a>) that was first added in commit 6df0ae533a718a34df70984d745cc2d70fb7172d<\/code> and was not in the scope of this audit.<\/span><\/p>\n

Zunami<\/a> engaged Ackee Blockchain<\/a>\u00a0to review and audit<\/a> <\/span> the Zunami UZD between September<\/strong> 12 and 16, 2022<\/b>. The entire audit process was conducted with a total time commitment of 4 engineering days<\/b>. We now publish a summary of our results.<\/p>\n

Methodology<\/b><\/h4>\n

We start by reviewing the specifications, sources, and instructions provided to us, which is essential to ensure we understand the project’s size, scope, and functionality. This is followed by due diligence using the static analysis tools Wake<\/a> and Slither<\/a>.<\/p>\n

In addition to tool-based analysis, we continue with a detailed manual code review, which is the process of reading the source code line by line to identify potential vulnerabilities or code duplications. When the code review is complete, we run unit tests to ensure the system works as expected and potentially write missing unit or fuzzy tests. We also deploy the contracts<\/a> locally and try to attack and break the system.<\/p>\n

Scope\u00a0<\/b><\/h4>\n

We audited commit 53dc20a<\/code><\/em>\u00a0<\/i>of the ZunamiProtocol\/ZunamiStable<\/code>\u00a0repository.<\/p>\n

During the security review,\u00a0we paid particular attention to<\/strong>:<\/p>\n

\n
\n
\n