We have completed an audit of the Melon Protocol smart contracts. The initial audit involved four auditors over a period of two weeks, followed by reviewing code updates. See the report to find out more about the scope of the audit, the considered properties, and our findings.
The Melon Protocol smart contracts have been audited manually by security experts and using automated security tools for Ethereum smart contracts. The initial audit involved 4 auditors over a period of 2 weeks from 28 January to 11 February, followed by reviewing code updates delivered between 12 February and 22 February. On request of Melonport ChainSecurity Ltd reported critical and high severity issues on an ongoing basis during the audit to facilitate quick remediation.
During the audit process and the code update review process the following issues have been reported:
- Security: two critical, three high, five medium, and nine low severity issues
- Trust: six medium severity issues
- Design: three medium and six low severity isues
Out of these, all critical and high severity issues have been fixed. Most medium and low severity issues have been fixed or addressed.
The project is complex, each fund consists of several contracts which interact with external exchanges and tokens. Security audits of such systems cannot guarantee absence of errors.