| Smart Contracts |
https://github.com/AlgemDeFi/audits |
High |
✅ |
|
|
https://docs.algem.io/development-and-security/contracts#role-based-smart-contact-management |
High |
✅ |
https://docs.google.com/spreadsheets/d/1ryS4cIv1wDziwWpJv9tO4md6MXtktk9ULbxnPN_ndss/edit?usp=sharinghttps://miro.com/app/board/uXjVMPk0_uk=/ |
|
https://docs.algem.io/development-and-security/contracts#pause-functionality |
High |
✅ |
|
|
https://docs.algem.io/development-and-security/contracts#timelock |
- |
- |
This function is not needed |
|
Formal verification |
Medium |
- |
|
|
Bug bounty |
Medium |
- |
Is planning to be launched after the Liquid Farming (Lending) roll-out. |
|
Testing and documentation |
Informational |
⌛ |
|
|
https://docs.algem.io/development-and-security/contracts |
Informational |
✅ |
|
| Frontend |
Access key management |
Medium |
✅ |
|
|
Ddos/XSS/CSRF/CSP protection |
High |
✅ |
Cloudflare Buisness WAF |
|
Domain name protection |
High |
✅ |
Ultimate domain name protection is activated |
| 2FA is activated |
|
|
|
|
|
Github account protection |
Medium |
✅ |
2FA is activated |
|
Access policies |
Informational |
|
|
| Price Oracles |
The price-base price feed oracle for nASTR insted of the collateral-base. |
High |
⌛ |
Additional liquidity is needed for the ASTR/nASTR pool on Arthswap |
|
Multi price feed oracle |
- |
⌛ |
|
|
Monitoring and emergency shutdown procedures |
Medium |
- |
|
|
Price oracle documentation |
Informational |
⌛ |
|
| Algem specific risks |
Risk of the full liquidation of the full Sio2 position |
Low |
⌛ |
|
| Internal practices |
https://docs.algem.io/development-and-security/internal-practices#product-architecture-design-workflow |
Informational |
✅ |
|
|
https://docs.algem.io/development-and-security/internal-practices#development-workflow |
Informational |
✅ |
|
|
https://docs.algem.io/development-and-security/internal-practices#pre-audit-preparations-ensuring-contract-integrity |
Informational |
✅ |
|
|
https://docs.algem.io/development-and-security/internal-practices#deployment-stages-ensuring-contract-success |
Informational |
✅ |
|
|
https://docs.algem.io/development-and-security/internal-practices#post-deployment-checks-and-protocols-ensuring-excellence |
Informational |
✅ |
|
|
CM terms and rules |
Informational |
⌛ |
|
|
Incident and emergency response plan |
Informational |
⌛ |
https://blog.tenderly.co/case-studies/what-good-war-room-emergency-procedure-yearn-finance-case/ |
| https://github.com/yearn/yearn-devdocs/blob/master/docs/developers/v2/EMERGENCY.md?ref=blog.tenderly.co |
|
|
|
|
| User-side security |
Multisig and hard wallets support |
|
|
|
|
Astar Safe integration |
|
|
|
| Other |
nASTR liquidity depth |
High |
⌛ |
|
|
nASTR collateral risk monitoring dashboard |
Informational |
|
|
|
Digital asset custody services integration |
|
research |
https://www.fireblocks.com/ |
|
Real time threats monitoring tool integration |
|
research |
https://forta.org/ |
|
User education and awareness |
Informational |
✅ |
The security tips rubric was launched in our blog. Information about risks was added to the docs. |
|
Insurance against smart contracts vulnerabilities |
Medium |
|
|
|
Security module implementation |
|
research |
|
|
Github account structure and updates |
Informational |
⌛ |
|
|
Social networks accounts protection |
Informational |
⌛ |
|
| Governance |
|
|
|
Not relevant for now |