Injective Protocol announced on Monday, July 26, through its Twitter account, that Informal Systems has audited the Injective Protocol code base and injection chain. According to the company, Informal Systems is a major auditor for Cosmos-based projects and is led by Cosmos, co-founder Ethan Buchmanster.
“Informal Systems has audited the Injective code base and the Injective chain. Informal Systems is a leading auditor specializing in Cosmos-SDK-based projects. The informal team is made up of world-class researchers, engineers and operators, led by CEO Ethan Buchman, who co-founded Cosmos and Tendermint”, he said in an article posted on his website.
The company explained that it has conducted rigorous internal tests to ensure the security and robustness of the exchange protocol. Informal has generally found the Injective code to be of high quality. The focus of this audit was to review the code base for the spot and derivatives markets.
“The spot markets milestone focused on the exchange module audit, while the derivatives markets milestone focused on the exchange audit, along with the oracle and insurance modules. Very minor bugs were found in the code base and the developers fixed them quickly”, he added.
In their view, going forward, they will continue to conduct rigorous testing on the codebase to ensure exchange stability and we will always “continue to proceed with security precautions to ensure the safety of funds”.
The company indicated that Informal Systems is a full suite research and development institution and a leading contributor to the Cosmos and Tendermint project. Since its founding in 2019, Informal Systems has become a leader in building verifiable distributed systems, including the core blockchain infrastructure in Rust and formal verification tools like Appalachian.
While most auditors rely on manual code base testing, Informal stands out as a pioneer by leveraging a combination of English and TLA + specifications, model-based testing, and code inspections. They rebuild protocols from the original code base to make protocol assumptions and guarantees more explicit. This unique audit model has allowed them to thoroughly explore our codebase and identify potential issues.
“We were very impressed with the depth of understanding Informal Systems demonstrated during their month-long audit of our protocol. Not only did they possess expert-level knowledge of the nuances of the Cosmos-SDK, but they also leveraged their unique skills in formal verification to create accurate state representations of our protocol that were invaluable in programmatically generating rare cases that would otherwise be difficult. to find. through manual or fuzz testing. It was a privilege to work with the informal team and we are grateful for their contributions in helping us to enforce the security of our protocol”, said Injective Co-Founder and CTO Albert Chon.
According to the company, the focus of this audit was to review the code base for the spot and derivatives markets. The spot markets milestone focused on the exchange module audit, while the derivatives markets milestone focused on the exchange audit, along with the oracle and insurance modules.
In their view, the report highlighted that simple attempt to attack the Injective system were unsuccessful as the codebase contained all the necessary validation tests and was written with a high level of attention to detail.
“Most of the findings were not serious, as they only affected the customer interface. The auditor specifically highlighted five issues that required knowledge of source code and the ability to execute carefully crafted sequences of transactions to exploit. Therefore, they were not found to be easily exploitable, as they would not have been found by standard static analysis or fuzzing. However, our engineers immediately fixed the reported issues to further strengthen the security of our network”, he said.