Smart Contract Security Audit

Smart Contract Security Audit

Smart contract security is paramount for any decentralized application that holds or controls the flow of users’ hard-earned funds.

While we at OctoFi have written our code with care and prioritized security, software bugs are an inevitable fact of life for even the most diligent of development teams.

Undergoing a security audit by a highly respected and thorough third party is of the utmost importance to ensuring our smart contracts run as designed. It also gives our users the confidence needed to deposit any amount of their cryptocurrency into the OctoFi Ecosystem.

This is why we are pleased to announce that the OctoFi smart contracts on the Ethereum blockchain are currently undergoing some security audits and two reports can already be perused.


In the audit process, the following crucial features of the code are considered:

  • Whether the code conforms to the specification.
  • Whether the code meets best coding practices.
  • Whether the code is secure.

The audit was done according to the following procedure:

Automated analysis:

  • Scan of project’s code base with Automated Scanner (Mythril, Slither, Solhint, HoneyBadger)
  • Manually verification (reject or confirm) all the issues found by tools (SWC-Registry, Overflow)

Manual audit:

  • Inspection of the code and revert the initial algorithms of the protocol and then compare them with the specification
  • Manually analyze the code for security vulnerabilities


  • Reflect all the gathered information in a report


OCTO Token (ERC20) based on Ethereum

Source: GitHub1 Etherscan2

MythX (Tool by ConsenSys)

Findings: 3 (LOW)

Download Audit


Findings: 2 (LOW)

Download Audit

OCTO Yield Smart Contract based on Ethereum

Source: GitHub3

MythX (Tool by ConsenSys)

Findings: 1 (LOW) 1 (MEDIUM)

Download Audit


Findings: 13 (LOW)

Download Audit


A majority of the code was standard and copied from widely-used and reviewed contracts and as a result, a lot of the code was reviewed before. It correctly implemented widely-used and reviewed contracts for safe mathematical operations.

The audit identified no major security vulnerabilities, at the moment of audit. A majority of the functions were self-explanatory, and standard documentation tags (such as @dev, @param, and @returns) were included.

The libraries used are based on OpenZepplin codebase, such as Roles, IERC20, SafeMath, SafeERC20 etc.


The audit does not give any warranties on the security of the code. One audit cannot be considered enough. It’s always recommended proceeding with several independent audits and a public bug bounty program to ensure the security of the code. Besides, security audit is not an investment advice.

Smart Contract Security Audit
Prev post

Public Testing of OctoFi DEX for Bonding Curve

Next post

Aquarium 001 (Transparency Report)

Smart Contract Security Audit