{"id":1252,"date":"2022-09-22T13:25:42","date_gmt":"2022-09-22T13:25:42","guid":{"rendered":"https:\/\/ap-wa-blog-admin-2.azurewebsites.net\/?p=1252"},"modified":"2022-09-22T13:25:52","modified_gmt":"2022-09-22T13:25:52","slug":"amulet-secure-code-review-from-kudelski","status":"publish","type":"post","link":"https:\/\/amulet.org\/blog\/amulet-secure-code-review-from-kudelski\/","title":{"rendered":"Amulet – Secure Code Review from Kudelski"},"content":{"rendered":"
Amulet Protocol is due to launch on the mainnet very shortly and we’re delighted to provide the report from Kudelski Security publicly.
This report is part of our ongoing relationship with Kudelski; more information can be found here: https://amulet.org/blog/amulet-protocol-and-kudelski-security-announce-new-strategic-relationship-to-tighten-security-within-web3/
Overview:
Kudelski Security performed a secure code assessment on the Amulet Protocol smart contract system.
The assessment was conducted remotely by the Kudelski Security Team. The source code review took place from 7/14 – 8/11, and focused on the following objectives:
Key Findings:
The issues found in the code were LOW or INFORMATIONAL findings. This shows that the overall risk profile of the application at the time of this assessment is low. The following are the major themes and issues identified during the testing period. These, along with other items within the findings section, should be prioritized for remediation to reduce the risk they pose.
Safe math was used often, but should be used more consistently throughout the code to prevent potential vulnerabilities from being introduced in future updates.
Insurance policy coverage duration, claim expiration dates and claim payout dates may be affected by a lack of precision when dev Epochs are used in place of UNIX time.
Single administrator accounts have significant capabilities. These functions should be limited by requiring multiple signers to prevent collusion. We have been informed that this is currently occurring off-chain, but this should occur on-chain in the future for transparency.
During the test, the following positive observations were noted regarding the scope of the engagement:
The code is well organized.
Client contacts were very amenable to conducting joint secure code reviews with the Kudelski Security smart contract auditing team.
Anchor framework usage is very consistent and follows the recommended syntax.
Critical issues in architecture or code logic were discussed immediately via teleconference.
Full Report
To delve deeper into the technical aspects and further findings, we have made the report public for anyone to download.
Access the report here: https://files.amulet.org/public/AmuletGlobalMTRLabs.pdf
If you have any questions, feel free to contact us on Discord: discord.gg/amuletprotocol