December 28, 2021
SundaeSwap Labs, Inc. is pleased to announce that Runtime Verification (RV) has finished its security audit of the SundaeSwap protocol. All issues that were identified by the audit have been resolved to the satisfaction of the auditor’s validation process. RV will publish a full report detailing the findings, including a verification of all solutions put in place to satisfy the audit requirements. We’ll update this announcement as soon as a link is available to their full audit.
The RV audit included a thorough review of SundaeSwap contracts using verification-based techniques, the identification of specific risk vectors, and a full analysis of the SundaeSwap development team’s fixes for issues identified by the audit.
“There were no rubber stamps here,” said Pi Lanningham, Chief Information Officer of SundaeSwap Labs. “RV’s thorough process identified a number of issues that we were able to quickly resolve. The result is a DEX that is able to safely meet the needs of the Cardano DeFi Community. Cardano’s core principles embrace security and resilience, and it is important for the protocols built on Cardano to carry on this tradition. By completing this audit, we have accomplished that for version 1 of the SundaeSwap protocol”
SundaeSwap Lab’s relationship with RV has not ended with the completion of this audit — RV will also be engaged to review future updates to the protocol that SundaeSwap plans to build.
“We plan to continue to engage with Runtime Verification as we build future improvements to the protocol and present them to the DAO for voting,” added Lanningham. “It is critical for the long-term success of any DEX to evolve in a secure and robust way.”
Issues identified by RV range from simple to devious. The SundaeSwap protocol will be both among the first, and among the most complex protocols to launch on Cardano; in addition to the many issues identified and fixed during development, it was inevitable that a few issues would remain. This is why the audit was critical: the fresh perspective and extremely thorough methodology employed by RV helped to identify remaining issues such as a subtle rounding error on withdrawal that would have disadvantaged liquidity providers and a sequence of actions that would have allowed someone to mint arbitrary Sundae tokens
Once the full, detailed audit report becomes available, we will share it with the community along with RV’s blog post about the audit. Stay tuned for more news as we enter the new year and head towards the protocol’s mainnet rollout!
SundaeSwap Labs develops decentralized finance (DeFi) platforms that enable economic empowerment for all. At the heart of its development efforts is the SundaeSwap DEX, a decentralized exchange where Cardano-based peer-to-peer transactions can be conducted quickly, safely and inexpensively.
SundaeSwap’s website: https://sundaeswap.finance/
About Runtime Verification
Runtime Verification is an American startup with a global presence. The company uses formal methods to perform security audits on virtual machines and smart contracts on public blockchains. It also provides software testing, verification services and products to improve the safety, reliability, and correctness of software systems in the blockchain field.
Runtime Verification’s website: https://runtimeverification.com/