MoveBit, a security auditing firm with expertise in ‘Move’ development, conducted a thorough audit of Streamflow’s Sui codebase, leveling up the protocol’s safety for both users and Streamflow. MoveBit collaborated closely with the Streamflow team over a week and a half, communicating any identified issues to Streamflow developers for swift resolution.
In total, the MoveBit team identified 8 issues:
- 1 informational
- 5 minor
- 2 medium
Streamflow developers fixed 5 of the discovered issues (comprising 3 minor and 2 medium issues). The remaining 3 issues (including 2 minor and 1 informational issue) were acknowledged, as they were deemed to pose a negligible threat by the Streamflow development team in light of the protocol’s design and mechanics.
With the completion of the audit report, Streamflow can assert that the protocol has undergone rigorous testing and that all critical issues have been appropriately addressed.
MoveBit’s Audit Process
MoveBit’s Audit Process consists of:
- Carrying out relevant security tests on the testnet or the mainnet.
- communicating with the code owner in time, if there are any questions during the audit process.
- Documenting the necessary information during the audit process.
MoveBit’s goal is to assess repositories for security-related issues, the overall quality of the code, and compliance with specifications and best practices. Possible vulnerabilities Movebit looks for include (but are not limited to):
- Integer overflow/underflow by bit operations
- Number of rounding errors
- Denial of service / logical oversights
- Access control
- Centralization of power
- Business logic contradicting the specification
- Code clones, functionality duplication
- Gas usage
- Unchecked CALL Return Values
Furthermore, the MoveBit security team adopts three strategies: “Testing and Automated Analysis”, “Code Review” and “Formal Verification”. These strategies ensure MoveBit performs a complete security test on the code in a way that is closest to a real attack.
In conclusion, Movebit’s comprehensive audit of Streamflow’s Sui codebase represents a significant milestone in enhancing the protocol’s security for both users and Streamflow.
Ultimately, this audit not only instills confidence in users regarding the security of their funds but also certifies that Streamflow’s protocol has undergone meticulous testing, ensuring that all critical issues have been diligently addressed. The MoveBit audit process serves as a testament to their commitment to security, code quality, and compliance with industry standards.
Link to full audit report: https://github.com/movebit/Sampled-Audit-Reports/tree/main/reports
About Streamflow
Streamflow is a pioneering token operations platform empowering organizations to streamline fund distribution with unparalleled efficiency. Through Streamflow, teams gain the ability to automate vesting schedules, create airdrops, and integrate our Software Developer Kit (SDK) for tailor-made solutions.