Audits

Security Auditing

Consistent with our commitment to a secure platform, internal and external security audits are a foundational element of our security program. Our team has conducted an in-depth security audit and will publish it for review. In addition, we have consulted with two external Security SMEs. One Security SME focused on the external components of the project, i.e., exposed attack surface, front-end web application vulnerabilities, and infrastructure attacks. The other Security SME focused on smart contract security.

The next element is a benchmark audit, and we have engaged with several well-known firms. Current time estimates for benchmark audits are significant due to the unique nature of the code in our project, i.e., the auditors require research and development time to thoroughly examine original code.

We made a conscious decision to launch without a formal audit from a benchmark external firm. We are in the process of finding a firm that can get us scheduled in a timely manner.

Separately, we have contracted with a lesser-known security firm and have an audit ongoing as of September 18th, 2021. The results of this audit will be published, as will the results of the longer-term benchmark audit.

Heimdallr Security Audit

Our first security audit, by security firm Heimdallr, is in as of September 25th. This is the first security audit for the initial launch version of the platform. The audit emphasized both manual and automated analysis of our smart contracts. In addition, we had the team walk through our tokenomics documentation and the UI/front end to ensure the data flow between the two was congruent. All major high- and medium-level vulnerabilities were mitigated and remediated. Some low- and informational-level vulnerabilities exist, but these do not represent meaningful attack vectors for a would-be attacker.

Security Analysis Phase: September 6th - 17th, 2021

Remediation Phase: September 18th - 22nd, 2021

Security Firm: https://heimdallr.network/

Final Report Delivery: September 25th, 2021

SME Security Audit

The team contracted with a senior developer from the MetaMask project. See profile here: https://github.com/EtDu. Given the importance of interacting with MetaMask to the DeFi ecosystem, and particularly to our project, we wanted to ensure we had a review by a developer closely associated with projects we interact with. This security audit occurred after our first audit, so many findings had already been mitigated. No major vulnerabilities were discovered and only optimizations were advised.

Bug Bounty Program

We recognize software development is a continuous process. In many cases, the underlying code base may change by 50% or more over a period of 6 months. We are adding a bug bounty program to our security program that will allow independent security researchers to continuously evaluate and audit aspects of our code base.

Our goal is to ensure code is evaluated as it is being developed, and to open the code to scrutiny from a diversity of firms and researchers to promote a thoroughly vetted, mature security solution stack for the avtoMATC community.

Participation requirements and reward details will be released soon.
