Smart contract auditor CertiK, whose services are in high demand amidst the current defi boom, has published the results of its RioWallet pen test. Three RioDeFi modules and RioWallet were meticulously scrutinized by the CertiK team and the results are overwhelmingly positive.
RioDeFi’s platform is designed to bridge the gap between traditional and decentralized finance. This entails convincing individuals to transport their assets from the permissioned world of banking and finance to the permissionless realm of defi, where code is gospel and projects live or die by the quality of their smart contracts. With billions of dollars held in smart contracts, external auditing is essential to catch bugs that could have fatal consequences if exploited in the wild.
CertiK Pulls Apart RioDeFi’s Code
While much of the defi ecosystem revolves around Ethereum, the launch of Polkadot and its Substrate framework has presented a new playground for defi devs to create novel applications. RioDeFi has planted its flag in the Polkadot camp, and will be using Substrate to create its native defi framework. CertiK audited three components of this stack, namely RioBridge, RioAssets, and RioRuntime.
CertiK was tasked with going over the components with a fine-tooth comb to identify any vulnerabilities. The CertiK team also pen tested the RioDeFi mobile wallet, putting their white hats on in a bid to determine ways in which less scrupulous attackers could exploit it. CertiK concluded:
“Regarding the audit, the codebase makes good use of the framework specifics and Rust’s best practices. CertiK’s team of engineers found only some minor exceptions, which were swiftly fixed by the team in complete.”
CertiK’s rigorous tests failed to uncover any vulnerabilities, with its only remedial advice concerning the creation of better codebase documentation.
The Next Frontier for Defi
RioDeFi has attracted a lot of interest from the crypto community, partly because of the defi boom that has lifted all ships, but also because the project is focused on Polkadot, which aims to evolve into the scalable, interoperable network that Ethereum couldn’t become. MANTRA DAO will be building its staking and lending infrastructure on RioDeFi, and thus it is critical that Rio’s infrastructure is given a clean bill of health by auditors.
Due to the proliferation of defi projects, many smart contract auditors are fully booked for the rest of the year. As a result, reputable projects are having to patiently wait in line, while less reputable ones – think yield farming clones – are simply pushing out code and hoping for the best. For legitimate projects such as RioDeFi, that’s not an option, of course. Thus, the publication of CertiK’s audit report arrives at the perfect time.
Designed as a mobile-first defi platform, Rio will place the tools for interacting with defi products and services in the hands of individuals seeking an alternative to the gated community of traditional finance, in which admission is dependent upon meeting the right criteria for creditworthiness, net worth, and country of origin. Defi’s promise of banking the unbanked and hard-to-bank has been placed on hold in the Ethereum ecosystem, thwarted by prohibitively high fees. If fees on Polkadot remain low and adoption climbs steadily, there is every chance of the network fulfilling the original promise of defi, delivered by projects such as RioDeFi and MANTRA DAO.