Case Study: Smart Contract Audit for WOM Protocol
How Hacken conducted EVM Smart Contract Audit for WOM Protocol with auditor’s perspective
🇺🇦 Hacken stands with Ukraine!Learn more
Colony crypto project improved their Smart Contract Audit Score from 7.2 to 10/10 in 30 days. How is it even possible? A short answer: Colony Lab’s responsible security-centric approach and Hacken’s auditing expertise helped achieve the maximum safety for Colonony’s smart contracts.
Colony project (CLY) is a community-driven Avalanche ecosystem accelerator. Since its inception, Colony has embraced a distinctive approach to early-stage investment in AVAX projects.
The front end of the project’s finance, investing, and funding mechanism can be found on the official web app. The Colony app offers the following functionality:
Colony requested a smart contract audit of their codebase to ensure that these and other functions work as intended.
Colony Lab raised $21 million in funds over three seed rounds in autumn 2021. Colony’s funding mechanism is innovative because they combine traditional venture capital with open governance. From a marketing perspective, CLY is an Avalanche-oriented ecosystem project. The AVAX accelerator is actively looking for early-stage projects to invest in. In the past, Colony has made 19 investments in native Avalanche projects.
Colony has achieved tremendous success regarding the security of their smart contracts. The final audit report contained no smart contract vulnerabilities. It’s all thanks to hard work, continuous improvement, unwavering commitment to community values, and trusted communications with the auditor.
Our initial assessment scored 7.2. In the preliminary report, Hacken auditors specified detected issues, their classification, and recommendations for fixing. Colony Lab took the initial report with extreme care and fixed all the issues. Again, they fixed not just the problems related to code security but everything from documentation to test coverage.
Colony’s security-centric approach should be credited for their ability to change things for the better quickly. The main pillar of their secure development lifecycle are as follows:
Attracting early-stage funding for Avax projects is paramount for Colony’s business model. Therefore, its security-centric product development is an excellent example for existing and new coming Web3 creators.
Colony requested Smart Contract Audit for access, staking, vesting, project factory, and ERC20 contracts. Their EMV-compatible Solidity contracts are deployed to Avalanche C-chain. Hacken reviewed more than 20 contracts and dozens of user roles.
In our comprehensive code analysis, Hacken professional auditors manually reviewed each line of code of 20+ smart contracts. Hacken has a dedicated team of Solidity auditors who follow the principles of smart contract auditing. CER.live, CoinGecko, and CoinMarketCap all recognize our audits, which attests to the high market recognition of Hacken external review.
Highlights from Hacken auditors about Colony’s audit:
Colony is not listed on CER.live yet, but getting there won’t be a problem with a 10/10 score and 99% test coverage.
In our 5+ years of experience, we have developed a time-proven recipe for security excellence – both parties do their best to build effective communication. This is exactly how our audit process with Colony unfolded.
Hacken’s cooperation with Colony proves that responsible Web3 players can learn from the mistakes of others. Not all audits are created equal, especially when it comes to relevancy and scope. The crypto industry is well aware of hacks happening despite smart contract audits. The reason for such exploits is relatively trivial – projects review only a tiny fraction of their codebase, making them vulnerable to cyber-attacks.
This is where Colony’s security-centric approach makes all the difference. When they first approached us, Colony insisted on having the highest coverage possible. The result is remarkable – audit coverage of the entire codebase.
Congrats to our client and partner, Colony Lab, on scoring 10 of 10 on Smart Contract Audit. Our joint action goes on. We are now working together to ensure that a rapidly-expanding Avalanche platform is protected from hacks and smart contract exploits.