Pact Security Audit Officially Completed by Runtime Verification
The team at Pact is pleased to confirm the successful conclusion of our pre-mainnet engagement with Runtime Verification (RV). Working with RV to complete a security audit of our smart contract code was an important milestone in being able to deliver our Automated Market Maker (AMM) to the public. We can now share the Audit report publicly with the community and move forward with confidence from the findings.
The comprehensive audit took place in a two-phase process over a total 6-week period from November 17, 2021 to December 17, 2021 and from January 10, 2022 to January 21, 2022. Pleasingly, the RV feedback was extremely positive, highlighting that:
“The contract’s source code is of exceptionally high quality, and we have enjoyed working with the team at Pact Finance, who have provided us with any assistance possible to make the audit process smooth and productive.” — Runtime Verification
During the audit, only one medium-severity issue, two low-severity issues, and four information-only findings were found and reported. Importantly, RV have confirmed within the report that, “all the issues have been appropriately addressed.”
The key items identified are summarised as follows:
- One medium-severity issue was discovered in relation to potential pool monopolisation by an initial creator, which could have impacted the affordability of liquidity tokens in those pools for subsequent entrants.
- Two low-severity minor issues were detected, which included the possibility of user fund ‘donations’ to a pool (due to user error), when interacting with smart contracts directly. Note, this issue is not possible when using our front-end application or upcoming SDK.
Further outlined in the report were several smaller informative observations made by RV, all of which have been taken onboard and corrected by the Pact team. The Pact team have welcomed all feedback, and are grateful to have closed out the potential for pool monopolisation, which was swiftly addressed as outlined in the report.
The Runtime Verification audit report does not constitute legal or investment advice. The preparers of this report present it as an informational exercise documenting the due diligence involved in the secure development of the target contract only, and make no material claims or guarantees concerning the contract’s operation post-deployment.