We have successfully completed a security audit of the DAOstack smart contracts. The audit process was performed over the course of four weeks and involved four security experts. See our report to find out more about the scope of the audit, the considered properties, and our findings.
Summary
During the investigation, ChainSecurity Ltd noted that the project is of high quality, employs good coding practices and has clean code. Despite the system’s complexity, the DAO maintains a clear overall structure thanks to the high degree of modularity and low coupling between components.
The system’s specifications were verified against a set of general and adversarial assumptions and an attacker model. As a result, ChainSecurity Ltd was able to uncover several security vulnerabilities of varying severity and to propose design optimizations and improvements. Most notably, a missing verification check would allow beneficiaries to redeem their reputation multiple times.
Finally, ChainSecurity Ltd remarks that all vulnerabilities and issues were professionally and swiftly addressed by the DAOstack team, leading to a more resilient, efficient and secure system.