Runtime Verification audits Element’s Finance Governance Protocol

Security efforts in DeFi and Governance Protocols

  • Transparency and communication are critical. Always look for projects that share and communicate openly with their audience. On top of that, there are some trust indicators such as open source code, public audit reports, tangible roadmaps and regular updates about the project’s goals and achievements.
  • No contracts are bulletproof against exploits. Still, it’s essential to reduce risks as much as possible. Internal testing conducted by an in-house security team, external auditing (with one or more firms), and formally verifying the code are some of the measures that can be taken to reduce risks.
  • When minor updates are introduced, smart contracts can potentially become vulnerable and cancel the validity of past testing and audits. That is why, when updating the smart contract code, projects should plan a series of steps to ensure that the smart contract’s behavior and logic haven’t changed. Element Finance is part of RV Care, an ongoing security assurance agreement with Runtime Verification. RV Care provides security continuity and additional audit coverage when changes or upgrades to the audited contracts are made.
  • Before using a protocol, it is essential to understand its logic and design, often available in the project’s documents. Telling the difference between a suitable and poorly designed protocol can be done by looking for red flags on the proposals page. An example of red flags would be if a project shows two or more proposals with a conflict of interest or zombie proposals (an approved proposal that failed in the execution phase but is still active on the proposals page).
  • Projects must do their due diligence to ensure that proposals that are spending or requesting a significant amount of tokens have good intentions. Also, if the target of a proposal is an external account, the project must ensure that the account is legitimate to avoid, for example, reentrancy attacks. Non-technical users are encouraged to be proactive in the Discord servers by asking questions and learning how to identify any possible red flags with help from the technical community.

Audit Scope

Methodology

Results

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Runtime Verification

Runtime Verification

Runtime Verification Inc. is a technology startup providing cutting edge formal verification tools and services for aerospace, automotive, and the blockchain.