We're thrilled to announce that our smart contracts are now public on GitHub!
By making the code public, we reinforce our commitment to the open-source and Ethereum communities. You can access the code here.
And we have more good news: the first independent audit of the Hermez protocol smart contracts shows positive results!
Solidified Audit Results
The Hermez project is fully committed to enhancing network security before the mainnet launch. To reassure our users and stakeholders, we are conducting several independent audits on our code.
The first audit comes from Solidified. During October, three auditors worked in parallel to perform an isolated audit on Hermez's smart contracts and its associated components.
Over three weeks, the Solidified team audited the smart contracts that run Hermez's auction mechanism and the Hermez protocol itself.
They examined the smart contracts' intended behavior, like support for forging batches of transactions, the auctioning protocol used to select the coordinator (forger), and bootstrapping security measures.
You can check the full audit report here.
We're pleased with the audit results, as the Solidified experts didn't find any critical or major issues in our smart contracts!
In the executive summary of their audit report, they list only three minor issues, all of which have been addressed. One of them is interesting:
“Tokens charging token transfer fee would cause balances accounting discrepancy”.
Regarding this point, Solidified advises Hermez to make users aware of the issue and to recommend that they not move such tokens into L2. Since these tokens are not used by any major project and do not make up a relevant part of the token transfers happening on the network, our team has decided to block transfers of this kind of token to ensure our users’ security.
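The discrepancy the auditors describe, next to one common way to reject such tokens at deposit time, shown as an added example that is not Hermez's contract code. `DepositVault`, its two functions and the `credited` mapping are hypothetical names, and the balance-delta check is an assumption about how such a block can be enforced, not a description of the Hermez implementation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

/// Hypothetical deposit vault (illustration only, not Hermez contract code).
contract DepositVault {
    // Credit per token and depositor, as tracked by this contract.
    mapping(address => mapping(address => uint256)) public credited;

    /// Naive version: credits the requested amount. With a token that
    /// deducts a fee inside transferFrom, the vault receives less than
    /// `amount`, so the sum of credits exceeds the tokens actually held.
    function depositNaive(address token, uint256 amount) external {
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        credited[token][msg.sender] += amount;
    }

    /// Checked version: measures what actually arrived and reverts when it
    /// differs from the requested amount, which rejects fee-on-transfer tokens.
    function depositChecked(address token, uint256 amount) external {
        uint256 beforeBal = IERC20(token).balanceOf(address(this));
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = IERC20(token).balanceOf(address(this)) - beforeBal;
        require(received == amount, "fee-on-transfer token not supported");
        credited[token][msg.sender] += amount;
    }
}
```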
These three minor issues are already under the radar of our founders and developers, who are working tirelessly to get Hermez ready for our upcoming mainnet launch.
As mentioned above, this is only the first audit. We're currently working with independent auditor Adrià Massanet for an additional code review and with the Trail of Bits team on another fully-fledged audit; watch this space for more news in the coming weeks.
But this is still not enough for us.
They say four eyes see better than two. And we need many eyes! We want to invite everyone to check and audit our smart contracts; that's why we're publishing the code here.
To make things a bit more interesting, we're preparing a bug bounty campaign to reward those who make the Hermez protocol safer.