- Assurance
  Smart Contract Assessment
  Securing code integrity, protecting digital assets
  Smart Contract Assessment
  Securing code integrity, protecting digital assets
  Blockchain Layer 1 Assessment
  Assessing protocols, securing blockchain foundations
  Blockchain Layer 1 Assessment
  Assessing protocols, securing blockchain foundations
  Code Security Audit
  Uncovering flaws, strengthening software integrity
  Code Security Audit
  Uncovering flaws, strengthening software integrity
  Web Application Penetration Testing
  Exposing weaknesses, fortifying digital defenses
  Web Application Penetration Testing
  Exposing weaknesses, fortifying digital defenses
  Cloud Infrastructure Penetration Testing
  Securing configurations, protecting critical environments
  Cloud Infrastructure Penetration Testing
  Securing configurations, protecting critical environments
  Red Team Exercise
  Simulating real-world attacks, strengthening defenses
  Red Team Exercise
  Simulating real-world attacks, strengthening defenses
  AI Red Teaming
  Testing AI systems against real threats
  AI Red Teaming
  Testing AI systems against real threats
  AI Security Assessment
  Securing AI models, data, and pipelines
  AI Security Assessment
  Securing AI models, data, and pipelines
- Advisory
  AI Advisory
  Guiding secure, strategic AI adoption forward
  AI Advisory
  Guiding secure, strategic AI adoption forward
  Risk Assessment
  From unknown threats to actionable insights
  Risk Assessment
  From unknown threats to actionable insights
  Blockchain Architecture Assessment
  Optimizing architecture for tomorrow’s networks
  Blockchain Architecture Assessment
  Optimizing architecture for tomorrow’s networks
  Compliance Readiness
  Stay ready as regulations evolve
  Compliance Readiness
  Stay ready as regulations evolve
  Custody and Key Management Assessment
  Securing the heart of digital custody
  Custody and Key Management Assessment
  Securing the heart of digital custody
  Technical Due Diligence
  See the risks before you invest
  Technical Due Diligence
  See the risks before you invest
  Technical Training
  Empower your teams to secure what matters
  Technical Training
  Empower your teams to secure what matters

Brt Dci Contracts - Prodigy

Prepared by:

HALBORN

Last Updated Unknown date

Date of Engagement: October 10th, 2024 - October 14th, 2024

Summary

100% of all REPORTED Findings have been addressed

All findings

Critical

High

Medium

Low

Informational

1. Introduction
2. Assessment summary
3. Scope
4. Findings overview

1. Introduction

Prodigy engaged Halborn to conduct a security assessment on their smart contracts revisions beginning on 10/10/2024 and ending on 10/14/2024. The security assessment was scoped to the smart contracts provided to the Halborn team.

2. Assessment Summary

The team at Halborn was provided 3 days for the engagement and assigned a full-time security engineer to evaluate the security of the smart contract.

The security engineer is a blockchain and smart-contract security expert with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.

The purpose of this assessment is to:

Ensure that smart contract functions operate as intended.
Identify potential security issues with the smart contracts.

In summary, Halborn identified some security risks that were addressed by the Prodigy team.

3. SCOPE

REPOSITORY

(a) Repository: brt-dci-contracts

(b) Assessed Commit ID: 24946ea

DCIStructs
TransferHelper
AggregatorHelper

↓ Expand ↓

Out-of-Scope: utils/Faucet, utils/Token

Out-of-Scope: New features/implementations after the remediation commit IDs.

4. Findings Overview

Security analysis	Risk level	Remediation
Price Manipulation Vulnerability in Vault Execution Due to Unchecked Pyth Oracle Updates	High	Solved - 10/28/2024
Chainlink Oracle Price Feed Used Without Staleness Check	Medium	Solved - 10/28/2024
Excess ETH Not Refunded in Price Update Transactions	Medium	Solved - 10/28/2024
Zero Amount Transfer Vulnerability in Token Transfers	Medium	Solved - 10/28/2024
Pyth oracle price is not validated properly	Medium	Solved - 10/28/2024
Unrestricted Vault Creation in Factory Contract	Low	Solved - 10/28/2024
Unsafe Casting Operations	Low	Solved - 10/28/2024
Incorrect Fee Calculation Due to Delayed Initialization in Vault Contract	Low	Solved - 10/28/2024
Incorrect State Modification Order in lpWithdraw Function	Low	Solved - 10/28/2024
Missing Visibility Attribute	Informational	Solved - 10/28/2024
Consider Using Named Mappings	Informational	Solved - 10/28/2024

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

1. Introduction
2. Assessment summary
3. Scope
4. Findings overview

// Download the full report

Brt Dci Contracts

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

← Back to Audits