Runtime Verification audits Element’s Finance Governance Protocol

Runtime Verification is thrilled to announce the audit completion of Element’s Finance Governance Protocol’s Smart Contracts. This blog post will dive into why it’s crucial to audit Governance protocols and a detailed audit description.

Decentralized Governance Protocols are on the rise, and with it, a higher risk for exploits associated with contracts holding funds from the treasury and community. When participating in a Governance protocol, users can minimize the risk of choosing a protocol that could be exploited by checking if a series of factors are met. Let’s take a look at some of the factors:

  • Transparency and communication are critical. Always look for projects that share and communicate openly with their audience. On top of that, there are some trust indicators such as open source code, public audit reports, tangible roadmaps and regular updates about the project’s goals and achievements.
  • No contracts are bulletproof against exploits. Still, it’s essential to reduce risks as much as possible. Internal testing conducted by an in-house security team, external auditing (with one or more firms), and formally verifying the code are some of the measures that can be taken to reduce risks.
  • When minor updates are introduced, smart contracts can potentially become vulnerable and cancel the validity of past testing and audits. That is why, when updating the smart contract code, projects should plan a series of steps to ensure that the smart contract’s behavior and logic haven’t changed. Element Finance is part of RV Care, an ongoing security assurance agreement with Runtime Verification. RV Care provides security continuity and additional audit coverage when changes or upgrades to the audited contracts are made.
  • Before using a protocol, it is essential to understand its logic and design, often available in the project’s documents. Telling the difference between a suitable and poorly designed protocol can be done by looking for red flags on the proposals page. An example of red flags would be if a project shows two or more proposals with a conflict of interest or zombie proposals (an approved proposal that failed in the execution phase but is still active on the proposals page).
  • Projects must do their due diligence to ensure that proposals that are spending or requesting a significant amount of tokens have good intentions. Also, if the target of a proposal is an external account, the project must ensure that the account is legitimate to avoid, for example, reentrancy attacks. Non-technical users are encouraged to be proactive in the Discord servers by asking questions and learning how to identify any possible red flags with help from the technical community.

Users that want to get involved in a project’s community and trust a protocol with their funds should choose projects that take security seriously. The most reliable projects will often follow best practices such as external audits and other actions to reduce the smart contract risk as much as possible (given that it’s impossible to prove that a protocol code is 100% free of vulnerabilities). We want to highlight that Element Finance has taken all the precautions described in the sections above to minimize any possible risks, taking security seriously and prioritizing the well-being of its users.

The audit’s sole focus was Council, Element’s new governance protocol. The goal of the audit was to check if the smart contracts had any vulnerabilities that could drain the funds or represent a risk for its users. Some of the audited contracts were related, but not limited to, voting vaults, treasury, and storage. A comprehensive list of the audited core contracts can be found in the report, making solidity contracts the only audited part of the governance system. It is important to note that off-chain contracts, client-side portions of the codebase, deployment, and upgrade scripts were not in the scope of the audit.

Runtime Verification team leads Daejun Park and Raoul Schaffranek conducted Element Finance’s Governance smart contracts audit and published a detailed report on October 15th, 2021.

The team reviewed the governance code performing a manual audit and applied formal methods to identify possible vulnerabilities and disclose them to Element Finance’s team before opening up the new governance protocol to the public.

The first step consisted of reasoning about the core logic of the contracts to ensure the absence of logical loopholes and inconsistencies between the logic and the implementation. To carry it out, the team formalized the core governance logic, as well as the critical security properties, e.g., no loss or unintentional locking of funds, no unauthorized access to any features, no manipulating votes, etc., and rigorously verified the formal properties to ensure that the system is secure and works as expected in many different scenarios and edge cases. This formal-methods-based auditing technique helps to systematically examine the system’s behaviors in an infinitely large number of input combinations, and reveal novel unknown attack vectors, if any, that are specific to the governance system.

Next, the code was checked against well-known security issues and attack vectors that projects often fail to identify when developing their code. As simple as it may sound, an external person with knowledge about common vector attacks can help to identify possible vulnerabilities that the core developers may have missed, as they are already too familiar with their code and makes it more difficult to spot them.

Finally, we compiled the code and symbolically executed part of the bytecode. A lot of times, the compiler can introduce attack vectors that were not present in the high-level language, in this case, Solidity. This last step adds an extra layer of security to avoid possible attacks.

The audit identified and highlighted some critical issues along with a number of informative findings (see the report for details). Element Finance team properly addressed the issues and concerns raised during the audit and incorporated all the necessary changes in the smart contracts.

The governance contracts were well written and the Element Finance team followed best practices to ensure that the code behaves as expected and to minimize potential attack surfaces. We would also like to highlight RV Care, the security assurance agreement between the Element Finance team and Runtime Verification, which provides ongoing audit coverage to minimize any risks introduced by changes or updates to the already audited contracts.

About Element Finance: Element Finance has built a new financial DeFi primitive that enables capital-efficient fixed and variable yield markets. Fixed rates are offered in a decentralized, open format with rates up to 15% on USD, Ethereum, or Bitcoin. Other projects can also develop new products or services by adopting its open-source infrastructure.

About Runtime Verification: Runtime Verification is a technology startup based in Champaign-Urbana, Illinois. The company uses formal methods to perform security audits on virtual machines and smart contracts on public blockchains. It also provides software testing, verification services and products to improve the safety, reliability, and correctness of software systems in the blockchain field.

Runtime Verification Inc. is a technology startup providing cutting edge formal verification tools and services for aerospace, automotive, and the blockchain.