Hacken, a reputable web3 cybersecurity auditor, conducted a Smart Contract Code Review and Security Analysis on Bepro Network’s v2 and we received a 9.8 out of 10 rating!
The scope of the project was smart contracts in Bepro’s repository. The analysis consisted of four different risk levels, as well as four score components with different metrics.
Let’s take a closer look at Hacken’s methodology:
Critical-level identifies critical vulnerabilities that are usually easy to exploit and can lead to asset loss or data manipulations.
High-level, for vulnerabilities that are difficult to exploit but still have a significant impact on smart contract execution, e.g., public access to crucial functions.
Medium-level, defines vulnerabilities that must be addressed; however, they cannot result in asset loss or data manipulation.
Low-level, for vulnerabilities that are mostly related to outdated, unused, etc. code snippets that cannot have a significant impact on execution.
As for the score components, they were as follows:
The project code should be provided with corresponding documentation. Functional and technical requirements are required.
Functional and technical requirements have a total weight of 5.0 each. The weight in the overall score is 1.0.
The code should follow official language style guides and be covered with unit tests. If most of the code follows those guides, the score is 3. Partially follows – 2.5. Does not follow – 0.0.
Test coverage has a maximum weight of 7.
The weight in the overall score is 1.0.
Smart contracts of the project should follow the best practices.
Clean and clear architecture and well-configured development environment – 10.
The weight in the overall score is 1.0.
The security level of reviewed contracts is the most important metric of the score.
Issues have 4 levels of severity: critical, high, medium, and low. Only actual issues are considered in the score calculation. Actual issues have the following statuses: “new” and “reported” (previously “acknowledged”).
Each critical, high, and medium issue decreases the score:
Minus 10 per critical.
Minus 5 per each high.
Minus 1 per each medium.
The minimum score is 0, maximum is 10. The weight in the total score is 7.0.
Each metric has its own weight in the total score. The score has a decimal value with 1 decimal point and may vary between 0.0 and 10.0. These were the maximum weights of each metric:
Documentation quality (D) – 1.0
Code quality (C) – 1.0
Architecture quality (A) – 1.0
Security (S) – 7.0
The total score calculation formula is:
The total Documentation Quality score is 10 out of 10. Functional requirements are provided and describe the product well.
The total Code Quality score is 8 out of 10. Basic user interactions are covered with tests. Test coverage is 25% for BountyToken, and 82% for NetworkRegistry and NetworkV2.
The architecture quality score is 10 out of 10. Code is separated into different contracts, following the single responsibility principle. Development environment is well set up.
As a result of the audit, the code contains 3 low severity issues. The security score is 10 out of 10. All found issues are displayed in the “Findings” section.
“While community development, and security through openness, is a must and we strive to adhere to it; Hacken proved that branching out and procuring external entities to assure compliances and best practices is indeed a positive.”
- stated João Gonçalves, Head of Development at TAIKAI and Bepro Network.
Over $3.2 billion was stolen from crypto projects in 2021 alone, with code exploits at the root of many of these cyber attacks.
We want to make sure that every organization, developer, and investor has access to a secure and reliable platform.
An external audit, performed by a highly reputable company, is a significant step toward ensuring the safety of our users and promoting transparency and responsibility among all stakeholders.
Hacken is a cybersecurity auditor with 5+ years of experience, hundreds of blockchain partners, and thousands of secured crypto projects.
Hacken protects technological businesses and crypto communities worldwide with the most competitive suite of professional cybersecurity services, including smart contract security audits, dApp audits, L1 protocol audits, and many more.
Hacken's smart contract audit is extremely effective because it uses a four-stage approach to code review, automatic test checks, and two separate auditors who conduct independent line-by-line code reviews and analyses to detect hidden flaws.