We are delighted to announce that the entirety of the Argano code has now been audited! Our team worked hard to eliminate any risks, and we can now proudly say that the platform is well protected.
Backstory
If you have been following our social media lately, you know that the main concern and focus of this summer was security. The platform we are developing needs to be safe to use in order to function properly, the way we intend it to. We believe that there are already enough vulnerabilities and fraud within the DeFi and crypto industry, and we don't want to endanger our community in any way.
In order to make sure our code is devoid of any risks, we went looking for a blockchain security auditing company to perform an in-depth review of the smart contract structure, using static and manual analysis. After thorough market research, we found that the Obelisk team was a perfect match, so we reached out. We are glad to say that since taking on the audit, Obelisk has been extremely cooperative in helping us find and resolve any issues.
As soon as any vulnerability was reported, we got on to mitigating it.
Risks vs Solutions
In this section of the article, we would like to show how some of the vulnerabilities, of varying risk levels, were resolved, as an example of the grand work that has been conducted.
Obelisk team commented: “Initially, there were multiple findings of all severity that were conveyed to the project team. The project team worked hard to get the recommended solutions into the contracts before they were deployed. All issues that were of the higher severity scale were solved in the code”.
Issue #1: High risk
The treasury and pools have migration functions. Migration functions can cause the immediate loss of all deposited funds to a malicious user acting as the contract owner.
Obelisk team recommendation: Ensure that a timelock is in place to give forward warning of migration. Timelock should exceed various internal time restrictions (such as withdrawal lockups) by a sufficient amount to give users time to react to such a critical change.
Our solution: Ownership of treasury and pool contracts was transferred to a timelock contract.
Issue #2: High risk
The treasury has a proxy function for use in emergencies. However, this function can be called at any time, bypassing many restrictions on contract calls from the treasury.
Obelisk team recommendation: Remove this function and specify the types of emergency behavior to be managed by the Treasury contract.
Our solution: The proxy call function was removed entirely.
Issue #3: Medium risk
The vesting start time can be initialized to a time in the past. This can potentially allow claimDevFundRewards to mint up to the DEV_FUND_ALLOCATION amount (20 million) as soon as the contract is deployed.
Obelisk team recommendation: Add a check to prevent the vesting start time from being in the past.
Our solution: The vesting mechanism was removed.
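To make the finding concrete, the sketch below is an added example, not Argano's contract code and not code from the audit report. Argano removed vesting altogether, while this shows the check Obelisk recommended. Only the names DEV_FUND_ALLOCATION and claimDevFundRewards come from the finding; the linear schedule, the one-year duration, the 18-decimal token and the IMintable interface are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minting interface, assumed for this example.
interface IMintable {
    function mint(address to, uint256 amount) external;
}

contract DevFundVesting {
    // 20 million tokens; 18 decimals is an assumption.
    uint256 public constant DEV_FUND_ALLOCATION = 20_000_000 ether;
    // Assumed vesting period; the article does not state one.
    uint256 public constant VESTING_DURATION = 365 days;

    IMintable public immutable token;
    address public immutable devFund;
    uint256 public immutable startTime;
    uint256 public claimed;

    constructor(IMintable _token, address _devFund, uint256 _startTime) {
        require(address(_token) != address(0), "token is zero address");
        require(_devFund != address(0), "devFund is zero address");
        // The recommended check. Without it, a start time one full
        // VESTING_DURATION in the past makes vested() return the whole
        // allocation in the block the contract is deployed.
        require(_startTime >= block.timestamp, "start time in the past");
        token = _token;
        devFund = _devFund;
        startTime = _startTime;
    }

    // Linear vesting: nothing before startTime, everything after the duration.
    function vested() public view returns (uint256) {
        if (block.timestamp <= startTime) return 0;
        uint256 elapsed = block.timestamp - startTime;
        if (elapsed >= VESTING_DURATION) return DEV_FUND_ALLOCATION;
        return (DEV_FUND_ALLOCATION * elapsed) / VESTING_DURATION;
    }

    function claimDevFundRewards() external {
        require(msg.sender == devFund, "caller is not the dev fund");
        uint256 amount = vested() - claimed;
        require(amount > 0, "nothing to claim");
        claimed += amount; // update state before the external call
        token.mint(devFund, amount);
    }
}
```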
Issue #4: Low risk
Uniswap router path is expected to be an array of token addresses. The code suggests that the LP tokens are what will be traded.
Obelisk team recommendation: Ensure that the swap path is set correctly.
Our solution: Swap path now correctly uses tokens.
The mentioned issues are only a fraction of what we managed to eliminate from the code: it is now squeaky clean if we can say so. The audit is available publicly, and if you would like to check what other vulnerabilities were struck off, you can download the document.
The bottom line
We are extremely excited to continue working on the Argano development: now, a cleaner, more secure platform. The last couple of months were full of hard work and required a lot of dedication to make the project as efficient as we want it to be. Today we can proudly say that our platform is safe.
Currently, we are working on the right structure for the fundraising event, especially for the public round, with further independent token distribution based on the results. Watch our announcements and stay tuned; we will take care of the rest.
If you have any comments or questions regarding the audit, you are welcome to leave them on any of our social media outlets: