Security has been at the forefront of our focus during the development process of Resonate. This pursuit demanded we explore every available option to ensure an impenetrable codebase — we are proud to share that we have thrown the kitchen sink at Resonate’s code!
All info shared here is also available in our docs.
A code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions. It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released.
Zellic conducted a formal audit pre-launch, alongside a follow-up. All discovered bugs were patched.
Blocksec also conducted a formal audit and an additional audit to cover the Resonate oracle system, both pre-launch. All discovered bugs were patched.
Balancer Safe LP-Price Derivation Oracle
We have developed (derived and mathematically proven) an oracle to safely and robustly price Balancer LPs, effectively shielding the protocol from LP price manipulation attack vectors.
The implementation of this oracle has been approved by BlockSec and represents the first oracle to truly handle an arbitrary number of tokens with arbitrary weights. Consequently, this will be able to robustly price any Balancer LP token (BPT) moving into the future.
We’ll have an independant medium posted regarding this topic soon. The mathematical proof is already available here.
Next-Gen Fuzzing by PwnedNoMore
Fuzz testing or fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities. A fuzzing tool injects these inputs into the system and then monitors for exceptions such as crashes or information leakage.
The Revest team enrolled Resonate for testing with a next generation fuzzing system developed by our friends at PwnedNoMore.
PwnedNoMore also graciously introduced Resonate to their global network of white-hat hackers for penetration testing, which resulted in several flaws being mitigated well-ahead of launch.
A bug bounty program provides individuals a platform to receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.
Our bug bounty program has seen great success with existing bugs being identified and patched.
We will also be launching an Immunefi bug bounty in the coming days. We’ve already seen success with an Immunefi bug bounty for Revest, and we have no doubt that it will contribute towards the most robust solution possible for Resonate.
Sandboxed Value Storage
In breaking with the current industry standard, Resonate has elected to utilize the CREATE2 opcode for sandboxing of protocol-stored value. This means that each Resonate pool created has its own vault in which tokens are stored; theft of value from Resonate would require O(n) transactional complexity, dramatically increasing the amount of gas and transactions needed to execute a successful theft of value over a centralized-storage option. Resonate is proud to serve as an industry leader in this novel use of smart-wallets.
We truly take security seriously and have thoroughly explored every option at our disposal to ensure the integrity and safety of our system. It’s never a quick path, nor is it a cheap undertaking — though it is essential. Our formal and informal audits, our bug bounty program, our enrollment in a next-gen fuzzing program, safe LP pricing oracle, and our use of sandboxed storage solution — all to ensure that your funds are kept completely secure in our fortified system and are resistant to any attacks.