Founded by a group of cryptography researchers and smart contract engineers in North America, Verilog Solutions elevates the security standard for Web3 ecosystems by being a full-stack Web3 security firm covering smart contract security, consensus security, and operational security for Web3 projects.
Verilog Solutions team works closely with major ecosystems and Web3 projects and applies a quality above quantity approach with a continuous security model. Verilog Solutions onboards the best and most innovative projects and provides the best-in-class advisory service on security needs, including on-chain and off-chain components.
| our engineering engagement with project teams
Unlike popular Automated Market Making (AMM) or Proactive Market Making (PMM), WOOFi Swap’s Sythethetic Proactive Market Making (sPMM) is a brand new market-making algorithm that can successfully solve the slippage issue in Decentralized Exchange (DEX) by simulating order book structure in Centralized Exchange (CEX).
Title | Audit Report Link | Date |
---|---|---|
WOOFi Swap | WOOFi Swap Audit Report | October 17, 2021 |
One of the first DEX projects for the Emerald paratime on the Oasis Network. YuzuSwap is an AMM DEX with innovative trading incentive designs, such as the trading pool share token (TPST).
Title | Audit Report Link | Date |
---|---|---|
YuzuSwap DEX | YuzuSwap Audit Report | January 4, 2022 |
YuzuSwap Staking Contracts | YuzuSwap Staking Contract Audit Report | March 30, 2022 |
Vesta Finance is an Arbitrum-based lending protocol. Users can collateralize ETH and other supported assets to borrow $VST, which is Vesta Finance’s stablecoin. Vesta will support other collateral after the launch.
Title | Audit Report Link | Date |
---|---|---|
Vesta Finance | Vesta Finance Audit Report | January 30, 2022 |
Fountain Protocol is one of the first Lending protocols on the Emerald Paratime of Oasis Network.
Title | Audit Report Link | Date |
---|---|---|
Fountain Protocol | Fountain Protocol Audit Report | February 18, 2022 |
Fountian Protocol Incremental Audit | Fountain Protocol Incremental Audit Report | April 12, 2022 |
TGT Protocol is one of the first lending protocols and margin trading platforms on the Emerald Paratime of Oasis Network.
Title | Audit Report Link | Date |
---|---|---|
TGT Protocol | TGT Audit Report | February 24, 2022 |
A mobile-first DeFi exchange on the Celo network. Ubeswap provides decentralized exchange and automated market marker protocol for Celo assets. Ubeswap is recently adding new features including limit order.
Title | Audit Report Link | Date |
---|---|---|
Ubeswap | Ubeswap Audit Report | March 20, 2022 |
GNO token is used in various GNO ecosystem products. GNO ecosystem includes various applications and infrastructure, such as Gnosis Auction, Gnosis Safe, and Gnosis Chain. Gnosis Beacon Chain is currently live and secured with GNO token, and the Gnosis Beacon Chain will merge with Gnosis Chain later.
Title | Audit Report Link | Date |
---|---|---|
GNO Token V2.0.0 | GNO Token V2.0.0 Audit Report | April 22, 2022 |
A decentralized peer-to-pool-based NFT liquidity protocol. Depositors provide ETH liquidity to the lending pool to earn interest, while borrowers can borrow ETH from the lending pool using NFTs as collateral.
Title | Audit Report Link | Date |
---|---|---|
Lending Protocol | Lending Protocol Audit Report | May 24, 2022 |
Liquidity Protocol | Blue-chip NFT Liquidity Audit Report | August 3, 2022 |
BendDAO ApeCoin Staking | BendDAO ApeCoin Staking Audit Report | Dec 15, 2022 |
ApCoin Vault | ApeCoin Vault Audit Report | Feb 15, 2023 |
NFT wrapper | NFT wrapper Audit Report | Feb 27, 2023 |
BendDAO ApeCoin Staking V2 | BendDAO ApeCoin Audit Report | May 25, 2023 |
BendDAO V2 Lending and Liquidity Protocol | BendDAO V2 Audit Report | June 4, 2024 |
A Game-Fi/Social-Fi Web3 application. Users could acquire STEPN NFT sneakers and earn rewards by engaging in outdoor activities.
Title | Audit Report Link | Date |
---|---|---|
STEPN | STEPN Audit Report | June 3, 2022 |
The Untangled Protocol is a decentralized lending and liquidity protocol for real-world asset collaterals. Below is a graph explaining the connections and relations between contracts. Additionally, there is some relevant information regarding the most important contracts and concepts:
Title | Audit Report Link | Date |
---|---|---|
Untangled Protocol | Untangled Protocol Audit Report | June 3, 2022 |
Untangled Finance Audit | Untangled Finance Audit Report | Oct 3, 2023 |
Untangled Finance V2 Audit | Untangled Finance V2 Audit Report | Apr 8, 2024 |
Cronus Finance is an AMM DEX deployed on the EVMOS ecosystem. A portion of Cronus Finance’s code is based on SushiSwap, which features liquidity mining rewards and governance token staking. It is worth noting that Cronus Finance also implemented new features such as a Stable Cronus Staking that converts LP fees into stablecoins and allows $sCRN holders to claim exchange fees denominated in stablecoins.
Title | Audit Report Link | Date |
---|---|---|
Cronus Finance Protocol | Cronus Finance Audit Report | June 15, 2022 |
hashgraph.name is a distributed, open, and extensible naming system built on the Hedera Hashgraph.
Title | Audit Report Link | Date |
---|---|---|
Hashgraph Name Protocol | Hashgraph Name Protocol Audit Report | August 11, 2022 |
Kolor’s protocol is a metaverse project that includes tokens, NFTs, and a marketplace system.
Title | Audit Report Link | Date |
---|---|---|
Kolor Protocol | Kolor Protocol Audit Report | August 19, 2022 |
This report presents our engineering engagement with the Celo dev team on the Celo contracts audit for Pull Request #9740. In this pull request review, the Celo team implemented 'OdisPayments.sol', which stores the balance to be used for ODIS quota calculation.
Title | Audit Report Link | Date |
---|---|---|
Celo Contracts Audit PR#9740 | Celo Contracts Audit PR#9740 Audit Report | August 29, 2022 |
Pangolin Hedera contracts contain two parts. The AMM DEX contracts and a treasury vesting contract. The AMM DEX contracts are on Uniswap V2 core contracts with support for Hedera native tokens. The treasury vesting contract distributes Pangolin’s Hedera native token PNG based on a 30-month vesting plan.
Title | Audit Report Link | Date |
---|---|---|
Pangolin Hedera Contracts | Pangolin Hedera Contracts Audit Report | September 2, 2022 |
Spirals Protocol is a lightweight protocol that redirects block rewards to climate impact.
Title | Audit Report Link | Date |
---|---|---|
Spirals | Spirals Audit Report | September 12, 2022 |
OpenMRV is a protocol that allows storing the summarized hashes produced by the provider’s input measurement data on the CELO network.
Title | Audit Report Link | Date |
---|---|---|
OpenMRV | OpenMRV Audit Report | September 16, 2022 |
Thallo carbon credit bridge is a suite of smart contracts that enables the issuance (bridging), retirement, and unbridging of Voluntary Carbon Credits (VCCs) in the form of fungible ERC20s.
Title | Audit Report Link | Date |
---|---|---|
Thallo | Thallo Audit Report | October 7, 2022 |
Fluidity is a yield-generating protocol that rewards people for using their cryptocurrencies. Fluidity Money tokens (Fluid Assets) are a 1-to-1 wrapped asset that exposes holders to randomly paid rewards when they use their cryptocurrencies. Rewards are paid out according to a drawing mechanism held on each transaction of their Fluid Assets. These rewards are generated by the cumulative yield generated by the underlying asset, which is deposited and lent on money markets.
Title | Audit Report Link | Date |
---|---|---|
Fluidity | Fluidity Audit Report | October 26, 2022 |
Mimic is a platform that allows users to deploy tailored infrastructure to automate DeFi operations in a trustless and non-custodial way. Some examples of these operations are treasury management, index rebalancing, fee distribution, liquidity provision, etc.
Title | Audit Report Link | Date |
---|---|---|
Mimic Finance | Mimic Finance Audit Report | October 27, 2022 |
BlueFi is a project that allows a new form of liquidity that embeds compliance-related functionality into assets. This protocol implements ERC20 wrapper tokens called SAFE Tokens that can only be traded by wallets that are KYC/AML verified. SAFE tokens are a novel innovation in liquidity infrastructure that allows KYC checks to take place inside of tokens by restricting the transfer functions to only be executed if both parties in the transaction pass this check.
Title | Audit Report Link | Date |
---|---|---|
Blue | Blue Audit Report | Nov 11, 2022 |
Blue v2 | No Public Report | July 27, 2023 |
Pirex is a product by Redacted that creates liquid wrappers that allow for auto-compounding and the tokenization of future yield/vote events. Pirex-GMX aims to integrate GMX into Pirex by providing users with a way to tokenize their GMX, GLP, and esGMX tokens.
Title | Audit Report Link | Date |
---|---|---|
Pirex-GMX | Pirex-GMX Audit Report | Feb 03, 2023 |
One of the first DEX projects for the Fuel network, the modular & execution layer of Ethereum. Mircochain is an AMM DEX implemented in Sway Language.
Title | Audit Report Link | Date |
---|---|---|
Microchain | Microchain Audit Report | Jan 30, 2023 |
MultiCollateral-Mento or “McMint” is a generalization of the Mento system with the aim of allowing virtual pools between any mento stable asset and mento collateral asset to be traded under different pricing regimes.
Title | Audit Report Link | Date |
---|---|---|
Mento | Mento Audit Report | Feb 09, 2023 |
Younergy Crypto is a protocol that scales solar-as-a-service with decentralized finance primitives embedded in decentralized energy systems. Younergy enables direct solar power funding while sharing revenue and minting the associated carbon credits to participants.
Title | Audit Report Link | Date |
---|---|---|
Younergy | Younergy Audit Report | Mar 21, 2023 |
This report presents our engineering engagement with the Celo dev team on the celo-monorepo repository for 11 PRs from #9798 to #10159.
Title | Audit Report Link | Date |
---|---|---|
Celo Monorepo PR Audit Audit | Celo Monorepo PR Audit Report | Mar 09, 2023 |
This report presents our engineering engagement with the Celo dev team on the staked-celo repository for 9 PRs from #72 to #120.
Title | Audit Report Link | Date |
---|---|---|
Celo staked-celo PR Audit | Celo staked-celo PR Audit Report | Mar 27, 2023 |
Y2K Finance is a suite of structured products designed for exotic peg derivatives, allowing market participants to robustly hedge or speculate on the risk of a particular pegged asset (or basket of pegged assets), deviating from their 'fair implied market value'.
Title | Audit Report Link | Date |
---|---|---|
Y2K Finance Audit | Y2K Finance Audit Report | Mar 17, 2023 |
Poolshark Range pool is a concentrated liquidity pool supporting both fungible and non-fungible positions. Non-fungible positions use ERC20 as position tokens which can be transferred and traded.
Title | Audit Report Link | Date |
---|---|---|
Poolshark Audit | Poolshark Audit Report | Apr 04, 2023 |
Yama Finance is an omnichain CDP protocol. It is a system of smart contracts that work together to maintain the health of the Yama stablecoin.
Title | Audit Report Link | Date |
---|---|---|
Yama Finance Audit | Yama Finance Audit Report | Apr 18, 2023 |
Security inspection on ather team's internal fund management tool.
Title | Audit Report Link | Date |
---|---|---|
Ather Audit | No Public Report / Internal Audit Only | July 26, 2023 |
Cog Finance is a lending protocol that uses different oracles, which was the scope of this audit, to determine if a borrower is solvent. This is done by updating the exchange rate between the collateral asset and the borrowed asset through the oracles.
Title | Audit Report Link | Date |
---|---|---|
Cog Finance Audit | Cog Finance V1 Oracle Audit Report | Aug 31, 2023 |
The U Protocol is an Arbitrum-based lending protocol. Users can collateralize using wstETH to borrow $U, which is U’s stablecoin. The intention is for the U protocol to be launched in other layers 2s afterwards. A portion of the U’s code is based on Vesta Finance which is a fork of Liquity.
Title | Audit Report Link | Date |
---|---|---|
U Protocol Audit | U Protocol Audit Report | Aug 31, 2023 |
Mantle Network is a technology stack for scaling Ethereum, and we strive to be EVM-compatible while doing so. Being EVM-compatible means all the contracts and tools that work on Ethereum also work on Mantle Network with minimal modifications. Users can experiment with exciting web3 apps, and developers can deploy smart contracts in an efficient, low-fee environment.
Title | Audit Report Link | Date |
---|---|---|
Mantle L2 ERC20 Token Bridge Audit | Mantle L2 ERC20 Token Bridge Audit Report | Sep 28, 2023 |
Mantle MDI Quests Audit | Mantle MDI Quests Audit Report | Oct 10, 2023 |
Mantle LSP L2 Audit | Mantle LSP L2 Audit Report | Nov 21, 2023 |
Mantle Staking Hub Audit | Mantle Staking Hub Audit Report | Apr 3, 2024 |
💼 Redacted Hidden Hand Marionette Report
Marionette veNFT wrapper is an ERC721-based voting and reward management service, engineered to interface with various voting escrowed protocols seamlessly. The service offers bribe optimization, reward consolidation, automatic compounding functionality, and automatization of veNFTs functionalities, thereby improving user experience within these protocols.
Title | Audit Report Link | Date |
---|---|---|
Redacted Hidden Hand Marionette Audit | Redacted Hidden Hand Marionette Audit Report | Nov 10, 2023 |
Marionette Thena Adapter Audit | Marionette Thena Adapter Audit Report | Jan 22, 2024 |
Security review on Sonorus' ERC20 and Vester contract.
Title | Audit Report Link | Date |
---|---|---|
Sonorus ERC20 and Vester Audit | Sonorus ERC20 and Vester Audit Report | Dec 7, 2023 |
Security review on DODO's TimeLock staking contract.
Title | Audit Report Link | Date |
---|---|---|
DODO Stake Contract Audit | DODO Stake Contract Audit Report | Apr 12, 2024 |
Gemnify is a decentralized derivative exchange tailored for pegged assets that aims to offer amplified leveraged trading and capital-efficient support for open interest.
Title | Audit Report Link | Date |
---|---|---|
Gemnify Audit | Gemnify Audit Report | Jun 13, 2024 |
Security review on NETZ's liquidity pool contract.
Title | Audit Report Link | Date |
---|---|---|
NETZ Audit | NETZ Audit Report | Aug 12, 2024 |
| smart contract risk categories
Severity | Description |
---|---|
High | Issues that are highly exploitable security vulnerabilities. It may cause direct loss of funds / permanent freezing of funds. All high severity issues should be resolved. |
Medium | Issues that are only exploitable under some conditions or with some privileged access to the system. Users’ yields/rewards/information is at risk. All medium severity issues should be resolved unless there is a clear reason not to. |
Low | Issues that are low risk. Not fixing those issues will not result in the failure of the system. A fix on low severity issues is recommended but subject to the clients’ decisions. |
Informational | Issues that pose no risk to the system and are related to the security best practices. Not fixing those issues will not result in the failure of the system. A fix on informational issues or adoption of those security best practices-related suggestions is recommended but subject to clients’ decision. |
| smart contract risk categories
Status | Description |
---|---|
Unresolved | The issue is not acknowledged and not resolved. |
Partially Resolved | The issue has been partially resolved. |
Acknowledged | The Finding / Suggestion is acknowledged but not fixed / not implemented. |
Resolved | The issue has been sufficiently resolved |
| Verilog's official channel list
Channels | Link |
---|---|
Website | https://www.verilog.solutions/ |
https://twitter.com/verilog_audit | |
Github | https://github.com/Verilog-Solutions |
audit@verilog.solutions | |
Telegram | BD Lead: https://t.me/dexchen |
Verilog Solutions receives compensation from one or more clients for performing the smart contract and auditing analysis contained in these reports. The report created is solely for Clients and published with their consent. As such, the scope of our audit is limited to a review of code, and only the code we note as being within the scope of our audit is detailed in this report. It is important to note that the Solidity code itself presents unique and unquantifiable risks since the Solidity language itself remains under current development and is subject to unknown risks and flaws. Our sole goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies. Thus, Verilog Solutions in no way claims any guarantee of the security or functionality of the technology we agree to analyze.
In addition, Verilog Solutions reports do not provide any indication of the technologies' proprietors, business, business model, or legal compliance. As such, reports do not provide investment advice and should not be used to make decisions about investment or involvement with any particular project. Verilog Solutions has the right to distribute the Report through other means, including via Verilog Solutions publications and other distributions. Verilog Solutions makes the reports available to parties other than the Clients (i.e., “third parties”) – on its website in hopes that it can help the blockchain ecosystem develop technical best practices in this rapidly evolving area of innovation.