firefly-security-audit

At Bluefin, we're dedicated to building an incredibly performant, user-friendly DEX. To support that, we're writing code that meets the highest security and transparency standards. We invest a significant amount of development effort into designing secure code and architecture and frequently reviewing it to ensure quality. We routinely test and re-evaluate our products for code and business-logic vulnerabilities. While we believe we have done our best to produce resilient and reliable products, we've partnered with PeckShield to audit the contracts and with Halborn for a penetration test of the full stack. We've also partnered with and scheduled an audit by Trail of Bits, starting December 2021, that will cover all existing contracts and the several new features and contracts we add by then. We've also road-mapped a TestNet launch and a Bug Bounty Program for maximum community input and transparency. After the successful completion of the Trail of Bits audit, the code will be made open source and the Bug Bounty Program will commence.

So far, PeckShield has completed its audit of Bluefin's V1 repository (the Governance, Insurance Fund, Token Vesting, and Timelock smart contracts) and discovered 0 Critical, 0 High, 0 Medium, 3 Low, and 1 Informational issues. Further audits covering the core exchange contracts will be completed in September 2021. Of the 3 low-severity issues, 2 have been resolved and 1 is acknowledged. The acknowledged issue, regarding proposal execution cost, cannot be triggered in our current contracts and app, since none of the functions a proposal can call require native tokens to be sent along with the call. In the low-likelihood scenario where Governance approves a proposal that introduces such a payable function in the future, the proposal will also have to include the necessary changes to the Governance::execute() method (forwarding the required value with each call) to ensure the call is not reverted. More details on the issues are available in the full report.
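To make the acknowledged issue concrete, here is an added illustration (written for this page, not Bluefin's own Governance contract, whose code is not shown here) of why an execute() that forwards no native value cannot call a payable target, and what the proposal-time change to execute() would have to look like. The contract and function names (PayableTarget, ExecutorNoValue, ExecutorWithValue) are hypothetical, and the access control a real governance contract would place on execute() (only passed proposals, only after the timelock) is omitted as noted in the comments.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical target: a function a future proposal might call that
// requires native tokens to be sent with the call.
contract PayableTarget {
    uint256 public received;

    function fund() external payable {
        require(msg.value > 0, "fund: value required");
        received += msg.value;
    }
}

// Shape of an executor that forwards NO native value with each call.
// Any proposal action that targets PayableTarget.fund() reverts here,
// because msg.value inside fund() is always 0.
// (Assumption: a real governance contract would additionally check that
// the proposal has passed and that the timelock delay has elapsed.)
contract ExecutorNoValue {
    function execute(address[] calldata targets, bytes[] calldata calldatas) external {
        require(targets.length == calldatas.length, "execute: length mismatch");
        for (uint256 i = 0; i < targets.length; i++) {
            (bool ok, bytes memory ret) = targets[i].call(calldatas[i]);
            if (!ok) _bubbleRevert(ret);
        }
    }

    // Re-raise the callee's revert data so the caller sees the real reason.
    function _bubbleRevert(bytes memory ret) internal pure {
        if (ret.length == 0) revert("execute: call failed");
        assembly {
            revert(add(ret, 32), mload(ret))
        }
    }
}

// Shape of the change a proposal would have to ship alongside a payable
// target: a per-action value array, funding of the executor, and
// call{value: ...} so the target actually receives the native tokens.
contract ExecutorWithValue {
    // The executor must be able to hold the value it will forward.
    receive() external payable {}

    function execute(
        address[] calldata targets,
        uint256[] calldata values,
        bytes[] calldata calldatas
    ) external {
        require(
            targets.length == values.length && targets.length == calldatas.length,
            "execute: length mismatch"
        );

        // Fail early with a clear reason instead of a mid-batch out-of-funds revert.
        uint256 total;
        for (uint256 i = 0; i < values.length; i++) total += values[i];
        require(address(this).balance >= total, "execute: insufficient balance");

        for (uint256 i = 0; i < targets.length; i++) {
            (bool ok, bytes memory ret) = targets[i].call{value: values[i]}(calldatas[i]);
            if (!ok) _bubbleRevert(ret);
        }
    }

    function _bubbleRevert(bytes memory ret) internal pure {
        if (ret.length == 0) revert("execute: call failed");
        assembly {
            revert(add(ret, 32), mload(ret))
        }
    }
}
```

Calling ExecutorNoValue.execute with `abi.encodeWithSelector(PayableTarget.fund.selector)` reverts with "fund: value required"; the same action through ExecutorWithValue, with a matching non-zero entry in `values` and the executor pre-funded, succeeds and increments `received`. This is the whole content of the acknowledged finding: the value-forwarding path is only needed once a payable target exists, and the proposal that introduces one must also bring the executor change.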

Halborn, a cybersecurity company specializing in blockchain organizations, has completed its White Box Penetration Test of the Insurance Fund and Governance applications and discovered 0 Critical, 0 High, 3 Medium, 3 Low, and 2 Informational issues. For the white-box test, Bluefin shared the contract code and documentation with the testers to facilitate the review. All issues outlined in the White Box testing report have been resolved; details can again be found in the full report. Halborn is currently Black-Box testing the apps and expects to share results with us by the end of August 2021. In the Black Box test, a different Halborn penetration tester who has not seen the application gathers information about Bluefin's software on their own, without prior knowledge of the code, and attempts to exploit security weaknesses, simulating an external attacker.

In addition to these efforts, we've made our contracts upgradeable and built Governance contracts for our community to vote on upgrades or adjust parameters as needed. We believe in the Web3 vision of permissionless protocols, accessible to all and guided by the users themselves.

In building a trustless environment, our community's input is just as important as our team's diligence; as such, we encourage everyone to be active members of the Governance, TestNet exchange, and Bug Bounty Program. With these efforts combined, the Bluefin team and community can build a secure, reliable, and transparent environment for everyone to participate in.

If you are interested in trading perpetuals, options, or learning more about Bluefin, then please join the growing community on Discord, follow the Telegram announcement channel, and sign up for updates at https://trade.bluefin.io.

Disclaimer: The products available on Bluefin are not available for use by US Persons or residents of any country or jurisdiction subject to US sanctions.

- Bluefin