Splyt Product Update #5
The Splyt Brand Rewards product is ready for launch! A reminder that the Staking Period (outlined in this article) begins on Tuesday, 8/10 at 12pm PST (this is based on block time, which may vary plus or minus a few minutes).
It has been a few weeks since our last update, mostly because we’ve been busy finalizing the product & didn’t have time to slow down to write about it ;)
Here’s preview of the Mag Park Staking Pool Dashboard.
We will post a “how to” article about this product in the coming weeks. Now would be a good time to learn about the program & to get prepared to participate in this exciting product launch!
Smart Contract Security Measures
We take smart contract security very seriously. We have made substantial efforts to ensure that our code functions as expected. We facilitated an extensive internal audit, which included over 25 tests, in addition to leveraging the Slither & Mythril Solidity security tools, all of which were used to detect vulnerabilities in our code.
We have opted not to get an external security audit because they are costly & do not guarantee security. Many of them leverage the tools described below, with which our team of seasoned smart contract engineers are very familiar.
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
Slither made a number of suggestions to improve our smart contract code, which fell into the following categories.
Use of Constant Variables & External Methods
Slither suggested we make a few of our variables constant, since they do not need to be modified within the code. We changed the visibility of some of our methods from `public` to `external`, which makes them cheaper to call.
Slither found that one of our methods had a variable shadowing issue, which was resolved by updating the variable name.
Use of block.timestamp
Slither suggested we compute the APY by block number (as opposed to timestamp), which is common practice within smart contract development.
Low Level Calls
We are leveraging the `ABDKMath64x64.sol` library, which is a cheap & fast math library that uses low level computational calls. Despite Slither suggesting not using a library with low level calls (due to its complexity), this library is well maintained & we feel confident in its implementation.
Slither uncovered some inconsistencies in our naming conventions, which have since been resolved.
Slither detected a possible re-entry attack, which was resolved by implementing the Checks-Effects-Interactions pattern. More specifically, we added conditional checks at the top of our methods, modified the state, & moved some tokens around to verify its functionality. The only thing after the transfer function is the Emit event, which has no impact on the smart contract’s logic, & is thus a non issue.
Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains. It uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities. It’s also used (in combination with other tools and techniques) in the MythX security analysis platform.
We ran the `myth analyze` command line tool against our smart contracts & it did not detect any errors. Below are the results of running the command.
Based on these measures, we are confident that our smart contracts are ready for production. We are super excited to launch the Splyt Brand Rewards product! Thank you for your support & sticking with us as we pave the way for better digital commerce.