They say good things come to those who wait, and we have waited for everrr.
It is our sheer pleasure to announce that after a long (long) process, our security audit has ended, and it is BEAUTIFUL.
As we communicated before, we started our security audit process with 2 of the most respected smart contracts audit firms Paladin & Certik, back in late July. Aware of the fact that Revault’s innovative platform was built from scratch, we should have known it will take more time than the usual audit process. Part of the architecture that makes Revault such a unique project is based on the novel notion of creating an individual proxy smart contract for each of Revault’s users, That is why you shouldn’t freak out if your first ever transaction on our platform can get to 5$! it’s the cost of a dedicated contract being created just for you. This architecture enables our platform to automatically withdraw and deposit users’ funds from the most profitable vault to the next based on their set parameters, and to avoid a single point of failure — it is much easier to hack 1 contract that holds all the TVL other than many.
Our blessing was also our curse as both of our audit firms admitted that our innovative approach is something they had never seen in the space before. Acknowledging that, we had taken the hard decision of postponing our ILO from its originally planned date to make sure we are taking all security measures to reduce any chance of vulnerability to the minimum.
This is a great opportunity to thank our early backers for their endless support and patience while we diligently worked with our auditing firms. But thankfully, the wait is over. We have just received the final audit report of Paladin and you can read all 68 pages of it here.
As you can see there were 60 total findings on Paladin’s original audit and currently, only 1 finding (Issue #22) of 2nd degree remained partially resolved. According to Paladin, since our REVA reward mechanism is calculating the user TVL in BUSD, it is possible to manipulate that mechanism into thinking one user has all of the TVL and therefore to get all the REVA emission dedicated to the TVL rewards (15% of total supply, remember?).
Let’s break that finding down to understand the risk and why it was only partially resolved.
The most critical thing our developers and auditors are worried about is Flash loans. This extraordinary financial tool exists only in Defi, since it is the only place where the lender can be 100% sure he will get back his loan + interest. That is because if there is 1 failed transaction in the chain of transactions of the flash loan, everything gets reverted and the loan never leaves the lender wallet.
The threat presented by Paladin here is that someone can take a Flash loan in order to manipulate the BUSD price of CAKE for example, and in this way make our protocol believe the CAKE investors have the vast majority of the total TVL, so they will be entitled to most of the REVA emission.
To be precise, we are talking about a total emission of 0.7 REVA per block, 15% of it is designated for the TVL rewards, meaning 0.105 REVA. And so, since a flash loan is taking place in one transaction in one block, the maximum $REVA a flash loaner is able to gain is 0.105 $REVA.
Although we are optimistic that it will be worthwhile to initiate a Flash loan at a cost of hundreds of dollars in order to get only 0.105 $REVA, we currently find this threat not so worrying. However, we still took several steps to prevent such an attack from happening:
- We made it impossible to run a transaction that is part of a Flash loan in our contracts (see tx.origin for more information)
- We created a function that anyone can call, that recalculates the TVL rewards for each vault, so even if someone will be able to manipulate the price, as soon as this function is called it will get undone.
Furthermore, it is worth noting that currently we are focusing only on supper high cap assets and avoid adding price-sensitive long-tail ones. On top of that, we are currently in advance discussions with Chainlink for implementing their Keepers system for the platform’s price feeds and decentralized oracles reducing price manipulations risk even lower.
Paladin’s team is one of the most talented we came across in relation to security. They are very thorough, and because of the tx.origin Flash loan defense can be changed by a future EIP, such an attack might still occur, so they were not able to mark this issue as fully resolved, and we respectfully accept it.
As to CertiK audit, Although 1 critical issue was found and resolved, there are still some medium severity issues related to the fact our contracts are upgradable. Only after we will deploy our contracts to the mainnet, under the control of a multisig wallet and behind a timelock, will these issues be marked by Certik as resolved.
We chose to start our $REVA emission exactly on our launch date where all $REVA tokens are simultaneously distributed to our early investors and ILO participants. Choosing this distribution model, we could not deploy the contract and not have the emission start and on the other hand, did not want to add a contract meddling option. Therefore, Certik did not find a way to verify there is no option of changing the contract prior to the launch date and will check it as soon as it is deployed.
Next stop ILO
With this huge checkmark on another milestone in our journey to the future, we have resumed the discussions we started with pretty much all launch pads to reschedule our ILO date. In the next few days, an announcement will be out with a specific date and additional information about the last chance to contribute in the early rounds of the project.
Expect the unexpected and make sure you follow our channels so you won’t miss out on this one.