Code 423n4 — Tempus Smart Contract Audit Contest
Just like any other software, smart contracts may contain security vulnerabilities. Security is one of the most formidable challenges for smart contract implementation in present times. There exist concerns of inefficiencies, security breaches and some broken codes that could lead to high or unnecessary costs for any user of a protocol.
One of the biggest challenges with smart contract implementation is the fact that they have an irreversible nature and users can lose a part or whole of their funds deposited in a contract that has not been written effectively.
Smart contract auditing is therefore important for the better optimization of codes and improves the performance of the smart contract, in a way that also benefits the user of that contract (for example — gas efficiency conditions), enhanced vaults or wallets on the protocols, security against hacks and more.
Tempus Passes Security Audit of Coinspect
We are happy to announce the completion of our first audit by Coinspect who were able to find only 3 medium risk bugs that have now all been fixed.
As explained by Coinspect, no high-risk vulnerabilities that would result in user funds being stolen were identified from the source code. One of the medium-risk issues detected could have a high impact but there was a low likelihood of that event taking place. This bug has now also been fixed. Other bugs are related to the power of the pool owners and whether they could update the fees without constraints and that could have an adverse impact on users in case the accounts were compromised.
Find Coinspect’s audit report here.
Tempus Security Audit Competition at Code 423n4
Tempus is a future yield tokenization and fixed-rate protocol that allows users to optimize their existing exposure to variable yield based on their risk tolerance. As we continue to build on other protocols it is important for us to make sure our contracts are secured in case there is a failure on the protocols that we are building on.
Enterprise audits do not necessarily guarantee the quality and robustness of smart contracts. Instead of organising a bug bounty program ourselves, we decided to partner with Code 423n4 that creates incentivised weekly smart contract audit competitions that allow some of the most talented security researchers to do a thorough security audit of the smart contracts. It uses a novel competitive mechanism that allows anyone to help secure protocols and platforms without having to be a full-time professional auditor. This approach is designed to increase the depth and breadth of an audit while incentivizing security researchers to find the highest-risk and rarest bugs.
In addition to that, it does not follow the approach of ‘first person to turn in the bug gets the bounty’. Instead, they reward everyone’s contributions even if there are multiple submissions of the same bug.
The smart contract audit competition for Tempus began on October 14, 2021, at 00:00 UTC.
This contest ends on October 20, 2021, at 23:59 UTC.
We have allocated $50,000 USDC for anyone who is able to find bugs or can help us improve gas optimization on Tempus.
Read more about the contest here and start now!
Tempus is a protocol where users can re-allocate the risk of interest rate fluctuations between each other. Users can deposit their yield-bearing tokens (such as stETH) which Tempus splits into tokenized principal and yield tokens. Those primitives can then be traded against each other through the custom Balancer v2 AMM. Tempus will offer capital-efficient fixed rate yields and high variable yields on various assets. For example, Tempus will be the first team to release fixed-rate ETH 2.0 staking through Lido. Tempus will also integrate Compound, Aave and Yearn.