ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Wednesday Sep 19th 2018
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

ConsenSys Diligence Releases 0x Protocol v2 Audit Results

By

Daniel

Putney

WriterETHNews.com

The audit details issues with and recommendations for version two of the protocol.

ConsenSys Diligence, a service that audits EDCCs (referred to as smart contracts) and Ethereum-based programs, recently published results for its audit of version two of the 0x project's smart contract system. The report lists 25 issues and provides recommendations for improving the project.

For those unfamiliar with 0x, it is a protocol that enables the decentralized exchange of tokens across the Ethereum blockchain. The system relies on relayers rather than exchanges to facilitate token trading. These relayers do not hold assets or execute trades like an exchange would, thus allowing participants to trade directly with their wallets.

The ConsenSys auditors focused on validating the security, resilience, and functionality of 0x's contract system based on its underlying specifications. Considering these factors, the audit involved identifying security-related problems within the contracts and their overarching system, evaluating the protocol's architecture according to smart contract best practices, and reviewing the quality and correctness of the source code. The audit's scope included smart contract files and test suites, excluding token-related contracts.

The audit team observed that, in general, the protocol is accompanied by well-written, comprehensive specification documents, including diagrams that visualize the system; it features well-commented code to better understand the intent of the developers; and it contains a thoughtfully consistent and organized contract repository.

Some of the updates included with version two introduced edge cases, resulting in a few critical issues with the system, but these have already been addressed. Of the 25 total issues identified with the protocol, 13 have been closed, leaving 12 left to resolve.

The problems listed by the auditors vary, ranging from outdated implementations to unclear code comments. However, five medium-severity issues relate to insufficient testing. The audit team noted that, overall, the protocol "lacks a rigorous testing strategy that ensures comprehensive test coverage." In fact, version two only includes testing for 70 to 80 percent of some of the system's contracts.

Besides resolving all the identified issues, ConsenSys Diligence recommends that 0x improve its testing strategy so that "any contract system … used on the main network [can] achieve 100% test coverage," though the team recognizes that 100 percent coverage "is not a silver bullet" for the protocol's problems.

Moreover, the auditors created a model to analyze potential threats to the smart contract system. Using this model, the team identified six threats, including the possibility of relayers being hacked and hackers publishing fake orders on the platforms' trading interfaces, as well as the potential for traders and relayers to lose all the ERC20 and ERC721 tokens they have approved. ConsenSys Diligence provided possible mitigation strategies to address these threats.

Like any blockchain protocol, 0x possesses various benefits and drawbacks. Audits like this allow engineering teams to recognize and resolve key issues with their projects and to proactively address any threats to their systems. The Ethereum community ultimately benefits from these reports, as they lead to a more robust and informed project development process across the board.

In related audit news, a blockchain protocol called bZx (which is integrated with 0x) was recently audited by the independent Ethereum auditor ZK Labs.

Daniel Putney

Daniel Putney is a full-time writer for ETHNews. He received his bachelor's degree in English writing from the University of Nevada, Reno, where he also studied journalism and queer theory. In his free time, he writes poetry, plays the piano, and fangirls over fictional characters. He lives with his partner, three dogs, and two cats in the middle of nowhere, Nevada.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest ConsenSys, ConsenSys Diligence or other Ethereum ecosystem news.