GNT Migration Audit

This article was first published on null
-----

Audit process rationale

GNT Migration Audit

In order to ensure that our upcoming migration complies with the best security practices, Golem Factory has conducted three separate audit processes:

  • an audit of the new Golem token smart contract (the new) Golem Network Token (GLM) and the associated migration proxy contract (the contract that facilitates the actual migration process) conducted by Trail of Bits, based on commit 1fb991c87b2ddc0f0c76585e77e948de4cabeade of the golemfactory/gnt2 repository,
  • an audit of the new Golem token smart contract (the new) Golem Network Token (GLM), the migration proxy contract and the penetration test of the dedicated migration app performed by CertiK, based on commit 922728b63db7664a4a61051ae28fee506b95992f of the  golemfactory/gnt2 repository,
  • an internal audit and QA of the migration app

It is worth noting that the third contract involved in this migration (the original GNT contract) has been audited before:

https://blog.openzeppelin.com/golem-network-token-gnt-audit-edfa4a45bc32/

None of the audits and tests revealed any serious security issues that could impact the users migrating from the GNT token to the new token, GLM or to the users of the new token (GLM) later on.

None of the reported issues - either singularly or in combination - were deemed sufficient to request the update of the smart contracts or of the migration app’s code and restart the audit process.

Golem MultiSig

Note: Whenever the Golem MultiSig account is mentioned in the document, it’s referring to the Ethereum contract that is controlled by the individuals responsible for the original Golem Factory crowdfunding effort, which at the same time holds governance over the original GNT token. The Ethereum address of the contract is: 0x7da82c7ab4771ff031b66538d2fb9b0b047f6cf9.

Following are the details discussed in each audit.

Trail of Bits audit

The following issues were identified by the audit conducted by the Trail of Bits:

Permit is likely to be the target of phishing campaigns

https://github....

-----
To keep reading, please go to the original article at:
null

Comments (No)

Leave a Reply