Innovative DeFi insurance protocol InsurAce (www.insurace.io) has announced the launch of its mainnet protocol on Monday 26th April 2021 following the success of its testnet 2.0 launched earlier in the month and an audit from SlowMist (www.slowmist.com), which identified the smart contracts to be “Low Risk”.
The full audit report can be found here: Audit Report.
InsurAce is a decentralized insurance protocol, aiming to provide reliable, robust, and carefree DeFi insurance services to DeFi users, with very low premiums and sustainable investment returns.
The SlowMist security team adopts the strategy of “white box lead, black, grey box assists” to conduct a complete security test on the project in the way closest to the real attack.
The security audit process for the smart contract includes two steps:
1. Smart contract codes are scanned/tested for commonly known and more specific vulnerabilities using public and in-house automated analysis tools.
2. Manual audit of the codes for security issues. The contracts are manually analyzed to look for any potential problems.
Following this is the list of commonly known vulnerabilities that were considered during the audit of the smart contract:
Reentrancy attack and other Race Conditions Replay attack
Reordering attack
Short address attack
Denial of service attack
Transaction Ordering Dependence attack Conditional Completion attack
Authority Control attack
Integer Overflow and Underflow attack
TimeStamp Dependence attack Gas Usage, Gas Limit and Loops Redundant fallback function
Unsafe type Inference
Explicit visibility of functions state variables Logic Flaws
Uninitialized Storage Pointers
Floating Points and Numerical Precision
tx.origin Authentication
“False top-up” Vulnerability Scoping and Declarations
All High and Medium Risk issues were identified and fixed during the audit process. One identified Low Risk issue is the excessive authority over the smart contract which is unavoidable given the existing distribution of tokens ahead of the INSUR tokens being minted in exchange for assets staked on the protocol. This may be addressed as the protocol is adopted. All other issues have been resolved.
SoftMist identified InsurAce protocol as a “Low Risk” protocol following the audit.
