This article was first published on null
Audit process rationale
In order to ensure that our upcoming migration complies with the best security practices, Golem Factory has conducted three separate audit processes:
- an audit of the new Golem token smart contract (the new) Golem Network Token (GLM) and the associated migration proxy contract (the contract that facilitates the actual migration process) conducted by Trail of Bits, based on commit 1fb991c87b2ddc0f0c76585e77e948de4cabeade of the golemfactory/gnt2 repository,
- an audit of the new Golem token smart contract (the new) Golem Network Token (GLM), the migration proxy contract and the penetration test of the dedicated migration app performed by CertiK, based on commit 922728b63db7664a4a61051ae28fee506b95992f of the golemfactory/gnt2 repository,
- an internal audit and QA of the migration app
It is worth noting that the third contract involved in this migration (the original GNT contract) has been audited before:
None of the audits and tests revealed any serious security issues that could impact the users migrating from the GNT token to the new token, GLM or to the users of the new token (GLM) later on.
None of the reported issues - either singularly or in combination - were deemed sufficient to request the update of the smart contracts or of the migration app’s code and restart the audit process.
Note: Whenever the Golem MultiSig account is mentioned in the document, it’s referring to the Ethereum contract that is controlled by the individuals responsible for the original Golem Factory crowdfunding effort, which at the same time holds governance over the original GNT token. The Ethereum address of the contract is: 0x7da82c7ab4771ff031b66538d2fb9b0b047f6cf9.
Following are the details discussed in each audit.
Trail of Bits audit
The following issues were identified by the audit conducted by the Trail of Bits:
Permit is likely to be the target of phishing campaigns
To keep reading, please go to the original article at: