<p>Hacken, a reputable web3 cybersecurity auditor, conducted a Smart Contract Code Review and Security Analysis on Bepro Network’s v2 and we received a 9.8 out of 10 rating!</p><p><img src="https://taikai.azureedge.net/BNX2XM3k61yjFSXMEiA7Yp7WLfqsyyHDGqcP4YlIdgk/rs:fit:800:0:0/aHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3RhaWthaS1zdG9yYWdlL2ltYWdlcy80OTkzYTZhMC0yZWNkLTExZWQtYTgxYi05Zjc0OWFmYjA5ZDUxNng5LnBuZw" style="width:967px" class="fr-fic fr-dib" /><br /></p><h3>How was the audit performed?</h3><p>The scope of the project was smart contracts in <a href="https://github.com/taikai/dappkit" target="_blank">Bepro’s repository</a>. The analysis consisted of four different risk levels, as well as four score components with different metrics. </p><p>Let’s take a closer look at Hacken’s methodology:</p><p><br /></p><h3>Risk levels</h3><p><strong>Critical-level</strong> identifies critical vulnerabilities that are usually easy to exploit and can lead to asset loss or data manipulations.</p><p><strong>High-level</strong>, for vulnerabilities that are difficult to exploit, however, also have a significant impact on smart contract execution, e.g., public access to crucial functions.</p><p><strong>Medium-level</strong>, defines vulnerabilities that must be addressed; however, they cannot result in asset loss or data manipulation.</p><p><strong>Low-level</strong>, regarding vulnerabilities are mostly related to outdated, unused, etc. code snippets that cannot have a significant impact on execution.</p><p><br /></p><h3>Score components</h3><p>As for the score components, they were as follows:</p><h4><br />Documentation quality (D)</h4><p>The project code should be provided with corresponding documentation. Functional and technical requirements are required.</p><p>Functional and technical requirements total weights are 5.0 each. The weight in the overall score is 1.0.</p><p><br /></p><h4>Code quality (C)</h4><p>The code should follow official language style guides and be covered with unit tests. If most of the code follows those guides, the score is 3. Partially follows – 2.5. Not follows – 0.0.</p><p>Test coverage has a maximum weight of 7.</p><p>The weight in the overall score is 1.0.</p><p><br /></p><h4>Architecture quality (A)</h4><p>Smart contracts of the project should follow the best practices.</p><p>Clean and clear architecture and well-configured development environment – 10.</p><p>The weight in the overall score is 1.0.</p><p><br /></p><h4>Security level (S)</h4><p>The security level of reviewed contracts is the most important metric of the score.</p><p>Issues have 4 levels of severity: critical, high, medium, and low. Only actual issues are considered in the score calculation. Actual issues have the following statuses: “new” and “reported” (previously “acknowledged”).</p><p>Each critical, high, and medium issue decreases the score:</p><ul><li><p>Minus 10 per critical.</p></li><li><p>Minus 5 per each high.</p></li><li><p>Minus 1 per each medium.</p></li></ul><p>The minimum score is 0, maximum is 10. The weight in the total score is 7.0.</p><p><br /></p><p>Each metric has its own weight in the total score. The score has a decimal value with 1 decimal point and may vary between 0.0 and 10.0. These were the maximum weights of each metric:</p><ul><li><p>D – 1.0</p></li><li><p>C – 1.0</p></li><li><p>A – 1.0</p></li><li><p>S – 7.0</p></li></ul><p><br /></p><h4>Total score</h4><p>The total score calculation formula is:</p><p><img src="https://taikai.azureedge.net/NW40aZahli1ZfQkTkmhh4ZDaZlPYnx0RX00Qvq1k3Eo/rs:fit:800:0:0/aHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3RhaWthaS1zdG9yYWdlL2ltYWdlcy9hOGY5MDlhMC0yZWNkLTExZWQtOGQwZi0yMTc0MDllOTAxMGRDYXB0dXJhIGRlIGVjcmHMgyAyMDIyLTA5LTA3LCBhzIBzIDE3LjUzLjQxLnBuZw" style="width:143px" class="fr-fic fr-dib" /></p><h3>Results</h3><h4>Documentation quality</h4><p>The total Documentation Quality score is 10 out of 10. Functional requirements are provided and well-describes the product.</p><p><br /></p><h4>Code quality</h4><p>The total CodeQuality score is 8 out of 10. Basic user interactions are covered with tests. Test coverage is 25% for BountyToken, and 82% for NetworkRegistry and NetworkV2.</p><p><br /></p><h4>Architecture quality</h4><p>The architecture quality score is 10 out of 10. Code is separated into different contracts, following the single responsibility principle. Development environment is well set up.</p><p><br /></p><h4>Security score</h4><p>As a result of the audit, the code contains 3 low severity issues. The security score is 10 out of 10. All found issues are displayed in the “Findings” section.</p><p><br /></p><p><img src="https://taikai.azureedge.net/8ozcvICCcemTeVmNXU_8-T-i3VPvnZlvhTKNeH2cosM/rs:fit:800:0:0/aHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL3RhaWthaS1zdG9yYWdlL2ltYWdlcy8wMTVjZTgwMC0yZWNlLTExZWQtYTgxYi05Zjc0OWFmYjA5ZDVDYXB0dXJhIGRlIGVjcmHMgyAyMDIyLTA5LTA3LCBhzIBzIDE3LjU2LjE0LnBuZw" style="width:723px" class="fr-fic fr-dib" /><br /></p><h3>What does this mean for Bepro Network’s v2?</h3><blockquote><p><em>“While community development, and security through openness, is a must and we strive to adhere to it; </em><em>Hacken proved that branching out and procuring external entities to assure compliances and best practices is indeed a positive.”</em><br />- stated João Gonçalves, Head of Development at TAIKAI and Bepro Network.</p></blockquote><p>Over $3.2 billion was stolen from crypto projects in 2021 alone, with code exploits at the root of many of these cyber attacks. </p><p>We want to make sure that every organization, developer, and investor has access to a secure and reliable platform.</p><p>An external audit, performed by a highly reputable company, is a significant step toward ensuring the safety of our users and promoting transparency and responsibility among all stakeholders.</p><p><br /></p><h4>About Hacken</h4><p><a href="https://hacken.io/" target="_blank">Hacken</a> is a cybersecurity auditor with 5+ years of experience, hundreds of blockchain partners, and thousands of secured crypto projects. </p><p>Hacken protects technological businesses and crypto communities worldwide with the most competitive suite of professional cybersecurity services, including smart contract security audits, dApp audits, L1 protocol audits, and many more.</p><p>Hacken's smart contract audit is extremely effective because it uses a four-stage approach to code review, automatic test checks, and two separate auditors who conduct independent line-by-line code reviews and analyses to detect hidden flaws.</p><p><br /></p><h3>Stay tuned for the upcoming release of Bepro Network's v2!</h3><p>Join the <a href="https://form.jotform.com/222363470989668" target="_blank">waitlist</a> and be the first to discover new challenges.</p>

Hacken conducted a Smart Contract Code Review and Security Analysis on Bepro Network’s v2 and we received a 9.8 out of 10 rating!

Bepro Network’s v2 scores 9.8 out of 10 from Hacken security audit

Related Posts

TAIKAI Product Update 3.19

TAIKAI 3.18: our biggest release yet! 🚀

Introducing Points: complete quests, earn points, and get rewards!

Subscribe to our newsletter

Products

Community

Company

Help