The SlowMist team recently completed a security audit of the EOS WPS Smart Contract. No critical or high-risk issues were reported, only 4 medium-risk and 7 low-risk vulnerabilities with further 3 enhancement suggestions. All issues have already been fixed.
Is smart contract security audit really that important? Yes, very important!
The essence of the smart contract is a piece of code in the blockchain network. Once the smart contract is successfully deployed, can it not be modified? The main purpose of this design model is to increase the credibility of the smart contract. This is also a manifestation of the "immutability" of the blockchain.
However, the code is written by people, as long as it is done by people, there must be loopholes. A large number of smart contracts have security holes.
A professor at the University of London mentioned in the latest paper that after analyzing each contract for nearly 1 million smart contracts for 10 seconds, it was found that 34,200 smart contracts were not up to standard. At the same time, when there is reality in a sample survey of 3759 smart contracts, there is a 89% probability that there is a loophole. In view of this grim situation, the most feasible method is: Before the smart contract goes online, conduct a comprehensive code security audit to eliminate vulnerabilities and reduce security risks as much as possible.
The audited smart contract is publicly accessible in the EOS Nation Github profile: https://github.com/EOS-Nation/eos-wps.
As already announced, no critical or high-risk issues have been found, i.e. issues that could affect the normal operation of the smart contract or impact its security.
Instead, the following medium-risk vulnerabilities have been found:
The low-risk vulnerabilities are as follows:
The team then proposed 3 enhancement suggestions to optimize the code compared to the current situation.
"The EOS Worker Proposal System (WPS) is a funding mechanism for the EOS Mainnet, enabling developers and other value creators to seek funding from the EOS blockchain for their projects outside of EOS block rewards."
Learn more about EOS WPS: A new proposal for a Worker Proposal System on EOS