Third party Security Audits of Smart Contracts

Hello Tronics!

Security is key, especially if within your own protocol you need to interact with other external protocols.

Even if you are really confident in your code, have studied all the previous hacks in the ecosystem and try to stay as up to date as possible with security topics, when you are responsible for other people’s money, extra safety is required. That’s why security audits, from respected third parties, are required to reinforce the trust of the users.

As a young project, it might be difficult to finance such audits, which are quite expensive.

I would really love to know your recommendations on this matter; I guess it will be beneficial for everyone, and will reinforce the trust in the Tron ecosystem overall.

Thanks!!

3 Likes

Honestly, security is very important in this space. Thank you for bringing this up; I am keen and eager to learn and read more recommendations from others :handshake:

2 Likes

Security audits are a great move, but do these audits prevent any rugpull?

Do people really read these audits at all, and when they do, do they really understand the technicalities involved?

Safemoon, to me, is a great example of how security audits can be used as a tool to scam uninformed investors.

I don’t know how this recommendation will be in any way related to your project, but for educational purposes I will share it anyway.

In the heat of DeFi hacks, Cream Finance was a victim. On the 4th of October 2021, Cream Finance released a statement addressing how they were able to recover $16.7 million of their lost funds with the help of a project called LOSSLESS.

We can also not forget the Harmony hack; Lossless again was able to recover 78 million $AAG tokens.

Now, how does Lossless work?

I don’t know if it is possible, but integrating Lossless into your smart contract will go a long way to mitigate hacks.

You can check them out on:

Just an opinion; I am in no way an expert. But I thought it wise to share. Thank you.

3 Likes

Hello, I agree with you; audits are a way of legally camouflaging a scam.

1 Like

Most of the memecoins, on their way to proving their illegal activities through legal means, resorted to audits from Hacken and others.

These audits made it clear in most instances how investors could lose their funds. But the wording of these statements was very hard for the layman to comprehend.

Therefore, if a scam was bold enough to go for an audit, it was deemed legal, but in the end it was a shit show.

2 Likes

That’s how it works; the proof is in the stock market, where companies are audited with their profits inflated to push up their shares, which will later fall, since that is not the real value.

1 Like

Thanks @Nana66419 for sharing this.

I believe you are right; we have to be extra careful when “audits” are mentioned on a protocol page.
We have to do our own research, to at least verify some basic information, even if we are not able to go through the code and technical details:

  • Is the 3rd party auditor a respected and recognized actor of the ecosystem?
  • Are there some respected actors of the ecosystem talking about this very protocol? It is in no way a warranty, but if you can pile up some positive feedback coming from different reliable sources, that’s always a good signal.
  • Are the reports accessible online, and can you verify the source?

When I see this kind of page below, I have more confidence in using their protocol, even if there is no warranty whatsoever.

Lossless has a really interesting approach, and I would have to dig more technically into their solution to really understand the details.
It is a solution for when you create your own token, which doesn’t apply to all the protocols, but that’s definitely a solution I’ll keep in mind.

Thanks

3 Likes

Definitely, smart contract auditing must not be swept under the carpet. However, you have said it all: projects that are just shooting up will find it financially difficult to get a third-party auditor. Nevertheless, auditing needs to be done before deploying on the mainnet.
These free auditing tools/tips can be so helpful: GitHub - PatrickAlphaC/hardhat-security-fcc
Lastly, a project with the intention of thriving in the ecosystem MUST consider comprehensive auditing as one of the project goals/milestones.

3 Likes