33 days, 41 high risk issues and 238 pages

Today, I'd like to share insights from a recent audit I conducted for a stablecoin protocol, which is still under partial development.

The protocol, which shall remain redacted until the final audit report is publicized, had already undergone what's known as a "pre-audit." Despite this preliminary step, the subsequent audit rounds revealed a significant number of issues.

In the first audit round, I uncovered 27 high-severity, 21 medium-severity, 48 low-severity, and 41 informational issues.

Given the extensive number of findings, a second audit round was necessary. This round had to be conducted within a constrained timeframe of just 14 days. Despite the time limitation, which prevented full coverage, the second audit identified 16 high, 6 medium and 16 low issues.

One of the key takeaways from this audit is the presence of both low-hanging fruit and more advanced exploits.

While many issues are low-hanging fruit, there are also quite a few sophisticated exploits in the report which will provide some great alpha.

You can find the report here:

https://github.com/bailsec/BailSec/blob/main/Bailsec%20-%20Redacted%20-%20Audit.pdf

If you are a founder or developer of a similar protocol, feel free to send me a DM for security services.