Smart contracts: audit report

In order to launch Golem in the most correct, responsible and secure manner possible, the team needed to complete a critical step — the audit of the smart contracts.

As the project evolved, we kept adding new features and improvements that required new ways of interacting with the blockchain in order to maximize efficiency and provide better security. To deal with that, we implemented additional smart contracts with the necessary requirements, that will be deployed on the mainnet and connected with the Golem app.

And to make sure the newly created contracts are safe and meet our needs, we engaged with an external company to perform an audit.

The audit has now been concluded by Trail of Bits — a security firm of professionals with a very reputable history predating the recent burst of popularity of smart contracts audits. They conducted a detailed security analysis from the perspective of an attacker with access to the public Golem documentation and source code. Moreover they sought to identify risks, and ranked their severity based on their likelihood and potential impact.

Covered areas

  • Is it possible for an unauthorized third party to gain administrative access to deployed Golem contracts?
  • Are tokens managed and stored securely within the contract?
  • Can these newly added contracts be manipulated to distort token balances?
  • Is it possible to cause the contract services to enter an unrecoverable state?

Final result

Reported findings were ranging from the strictly informative to high severity and priority fixes. They have been addressed by us and Trail of Bits has performed a final run over the contracts to confirm that there are no any more vulnerabilities. This will help to ensure that our contracts are safe to deploy and use.

If you would like to deep-dive into the audit — you can find the full report here and the code on our Github here.