Security & Audits
EUROe smart contracts are developed by Membrane Finance in close collaboration with Equilibrium. In addition to thorough internal testing and auditing, all of our production code is audited by third-parties.
Audits
EVM Implementations
The EUROe Stablecoin smart contracts have been audited by PeckShield in July 2022 and by Runtime Verification in December 2022. Please find a complete list of the audits, summary of findings, and smart contract changes between and after the audits below. Audits have been bolded.
2022/07 PeckShield
The audit was started at commit b011a0d and concluded (with changes reviewed up until) commit 02bb9c7.
PeckShield found 1 medium and 1 informational finding. The former was confirmed and the latter resolved.
The full audit report is available for download here. Alternatively, you can view the report on PeckShield's GitHub here.
Changes from 2022/07 to 2022/12
- Added a normal mint function in commit 7c7164f
- Renamed eEURO to EUROe in commit 3113259
- Added rescuer and burner roles in commit e797a6c
- Made further name changes in commit 3a57311
- Improved contract documentation in commits 72487d9 and cd94c71
- Made a change to accepted compiler Solidity versions in commit f11328c
- Added a gap to add new variables without shifting down storage in the inheritance chain in commit d194177
- Remove support for the renounceRole() -function in commit 4868177
Changes in other commits have focused on deployment scripts, tests, and documentation.
2022/12 Runtime Verification
The audit formally commenced at commit 4868177.
One high severity finding was raised along with four informational findings. All findings have been addressed since the audit.
The following commits addressed the findings of the Runtime Verification:
The full audit report is available for download here. Alternatively, you can view the report on Runtime Verification's GitHub here.
Changes after 2022/12
- *A commit was mistakenly made to main branch in commit 2abb003 which was reverted in commit 053522d. Following the incident we have turned on branch-protection in all public repos. All production repos had branch protection turned on.
- *Change the state-changeness of a overriden function in commit 255439f
- *Added a legal disclaimer to the contract & modified NatSpec in commit a64c0b9
- Update test coverage report to reflect current contract version in commit 09d0fb5
- Clean up configurations in commit 3c5963f
- Added Hardhat configurations for Polygon Mumbai and mainnet deployments in commit a0562ff
- Added Hardhat configurations for Avalanche Fuji testnet in commit b3d8849
- Added Hardhat configurations for Avalanche mainnet in commit 3927e2a
- Added Hardhat configurations for GEN-X testnet in commit c581da3
- Adding information for Arbitrum Goerli deployment afcccb
- Added HardHat configuration for Arbitrum mainnet 329f48
- Added HardHat configuration for deploying to Sepolia testnet & upgraded hardhat package e93ae5
Solana Implementation
EUROe is implemented as a standard SPL token. For more information about the SPL Token Program, please visit Solana program library (spl.solana.com ↗).
Security & Bugs
EUROe has an active bug bounty. Please refer to our Security and Bugs page for information regarding bug bounties and EUROe security.
Testing
All EUROe systems, including the stablecoin, are subject to rigorous internal and external testing before release. Our testing process includes, but is not limited to, automated unit and E2E tests along with manual review and code & logic audits. All production code is internally peer reviewed. Furthermore, we place a heavy emphasis on system security. Hence, all smart contracts are audited by third-parties.
EVM Implementation JS Tests
You can find the automated stablecoin tests on Github. The test coverage report is available on Github as PDF.
EVM Implementation Foundry Tests
In addition to the JS tests provided above, which are actively maintained, a limited set of Foundry tests is provided in the feat/foundry_tests
branch, available on Github.
Solana Implementation Tests
Automated unit & integration tests for the Solana implementation are not publicly available.