Introduction and Context
Ethernity is an advanced smart contract system designed for token minting, governance via voting, and token swapping on the Ethereum blockchain. As a crucial part of its security measures, the Ethernity team engaged ImmuneBytes to perform a comprehensive audit of its smart contracts.
Acknowledging the potential for new economic and security exposures, Ethernity requested ImmuneBytes to perform a detailed review of its specialised components. ImmuneBytes’ holistic evaluation not only measured Ethernity’s operational resilience but also considered how its novel approaches to incentives, governance, and community trust fit within the larger Web3 landscape.
The primary areas of focus included governance integrity, minting restrictions, access controls, and potential attack vectors such as reentrancy and input validation flaws. As smart contract exploits continue to evolve, this audit played a critical role in enhancing Ethernity’s resilience against threats and ensuring its seamless operation in high-value transactions.
ImmuneBytes’ security review was instrumental in evaluating Ethernity’s adherence to industry standards while also considering the broader Web3 security landscape. The findings and recommendations from this audit will help Ethernity improve its security posture, strengthen its smart contract logic, and foster greater trust within its user community.
Project Overview
The audit primarily assessed the security, correctness, and reliability of the following smart contract functionalities:
- Initialization: Ensuring only authorized entities can configure key contract parameters.
- Voting and Governance: Securing the governance mechanism against vote manipulation.
- Minting Functions: Enforcing the 12-month waiting period and 12% supply cap for new tokens.
- Token Swap: Validating secure handling of swaps, including burn mechanics.
- Admin Functions: Restricting sensitive actions to authorized entities.
- Reentrancy and Security: Protecting state-changing functions against attacks.
In-Scope Contracts
The audit covered the following key contract files:
- DAOGovSample.sol – Governance contract implementing voting and minting logic.
- EpicToken.sol – ERC20-compliant token contract with minting and burning capabilities.
- TokenSwap.sol – Token swapping contract ensuring proper exchange mechanics and liquidity management.
Critical Areas of Focus
1. Governance & Voting Security
- Ensured the governance model prevents vote manipulation, Sybil attacks, and governance takeovers.
- Verified that the minting mechanism strictly follows voting thresholds to prevent unauthorized token issuance.
2. Minting Constraints & Token Supply Management
- Examined enforcement of the 12-month waiting period and 12% supply cap in minting logic.
- Ensured no unauthorized or excessive minting due to privilege mismanagement or logic flaws.
3. Token Swap Mechanism
- Verified that the swap logic correctly executes transactions while maintaining liquidity security.
- Ensured burn mechanics function properly to prevent lost or locked assets.
4. Access Control & Privileged Roles
- Reviewed admin role restrictions to prevent unauthorized contract upgrades or governance overrides.
- Ensured privileged operations are logged and auditable for transparency.
5. Reentrancy & Smart Contract Security
- Assessed state-changing functions for potential reentrancy attacks.
- Verified proper use of checks-effects-interactions pattern to prevent exploits.
Audit Approach
Audit Focus
The primary goal of this audit was to validate the security, reliability and intended functionality of the smart contract system. The assessment was structured around three core areas:
- Security: Detecting vulnerabilities such as reentrancy attacks, unchecked external calls, and access control weaknesses.
- Architectural Integrity: Assessing the system’s design against industry best practices to ensure resilience and scalability.
- Code Quality & Accuracy: Reviewing code clarity, maintainability, logical consistency, and the presence of adequate test coverage.
This comprehensive approach ensured that cSigma Finance upholds high standards in security, architecture, and code quality.
Audit Insights
ImmuneBytes conducted an in-depth audit of Ethernity, during which three key issues of Low Severity and Informational nature were identified. No Critical, High, or Medium Severity vulnerabilities were discovered. The team demonstrated responsiveness by acknowledging all identified issues and providing detailed clarifications.
We have split the issues according to the severity levels:
- High-severity issues will bring problems and should be fixed.
- Medium-severity issues could potentially bring problems and should eventually be fixed.
- Low-severity issues are minor details and warnings that can remain unfixed but would be better fixed at some point in the future.
| Severity | Open | Acknowledged | Partially Resolved | Resolved | Total |
|----------|------|--------------|--------------------|----------|-------|
| Critical | 0 | 0 | 0 | 0 | 0 |
| High | 0 | 0 | 0 | 0 | 0 |
| Medium | 1 | 0 | 0 | 0 | 1 |
| Low | 3 | 0 | 0 | 0 | 3 |
| Info | 1 | 0 | 0 | 0 | 1 |
| Total | 5 | 0 | 0 | 0 | 5 |
Key Issues Identified
1. Missing Input Validation in EpicToken Constructor
- Severity: Low
- Description: The _swap and _waitPeriod parameters lack validation.
- Impact: This could result in an unrealistic or unsafe minting frequency, undermining the tokenomics and causing critical misconfigurations.
- Solution: Implement require statements to check for zero addresses and enforce logical constraints.
2. Missing Input Validation in TokenSwap Constructor
- Severity: Low
- Description: The _incomingToken and _burnAddress parameters are not validated.
- Impact: The contract may fail to execute core functionalities like swapping or burning tokens, potentially locking user funds or breaking the swap mechanism.
- Solution: Add validation checks to ensure these addresses are non-zero.
3. Insufficient Supply Check During Token Swap
- Severity: Low
- Description: The swap function lacks a balance check, which could lead to transaction reverts.
- Impact: This causes poor user experience and potential disputes.
- Solution: Verify the contract’s balance before executing swaps.
4. Improper Differentiation of Withdrawn Tokens
- Severity: Medium
- Description: The adminTokenWithdraw function does not distinguish between mistakenly sent and swap-related tokens.
- Impact: This could lead to the accidental withdrawal of swap-related tokens by the admin, affecting users who are expecting a swap to succeed.
- Solution: Introduce a mechanism to differentiate tokens.
5. Lack of Check for Already Set Token Contracts
- Severity: Info
- Description: The setMintableContract function does not verify if the mintable contract is already set, which could lead to accidental overwrites.
- Impact: This could undermine trust and disrupt governance.
- Solution: Implement a require condition to prevent reinitialization.
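The following is an added illustration of how findings 2, 3 and 4 could be addressed in a swap contract of this shape; it is not Ethernity's code or ImmuneBytes' fix. The contract and variable names, the 1:1 swap ratio, and the OpenZeppelin v5 imports are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

// Hypothetical hardened swap contract (assumed names), not Ethernity's TokenSwap.sol.
contract HardenedTokenSwap is Ownable {
    using SafeERC20 for IERC20;
    IERC20 public immutable incomingToken;   // token users send in (assumed name)
    IERC20 public immutable outgoingToken;   // token users receive (assumed name)
    address public immutable burnAddress;    // where incoming tokens are sent
    uint256 public swapReserve;              // outgoing tokens earmarked for swaps

    // Finding 2: reject zero addresses at construction instead of failing later.
    constructor(address _incomingToken, address _outgoingToken, address _burnAddress)
        Ownable(msg.sender)
    {
        require(_incomingToken != address(0), "incoming token is zero");
        require(_outgoingToken != address(0), "outgoing token is zero");
        require(_burnAddress != address(0), "burn address is zero");
        incomingToken = IERC20(_incomingToken);
        outgoingToken = IERC20(_outgoingToken);
        burnAddress = _burnAddress;
    }
    // Finding 4: only tokens deposited through this path count as swap reserve,
    // so tokens sent to the contract by mistake are never mixed with them.
    function fundSwapReserve(uint256 amount) external onlyOwner {
        outgoingToken.safeTransferFrom(msg.sender, address(this), amount);
        swapReserve += amount;
    }

    // Finding 3: check the reserve up front and fail with a clear reason.
    function swap(uint256 amount) external {
        require(amount > 0, "amount is zero");
        require(swapReserve >= amount, "insufficient swap reserve");
        swapReserve -= amount;                                   // effects before interactions
        incomingToken.safeTransferFrom(msg.sender, burnAddress, amount);
        outgoingToken.safeTransfer(msg.sender, amount);
    }

    // Finding 4: the admin may only sweep balance that is not part of the swap reserve.
    function adminTokenWithdraw(IERC20 token, uint256 amount) external onlyOwner {
        uint256 withdrawable = token.balanceOf(address(this));
        if (address(token) == address(outgoingToken)) withdrawable -= swapReserve;
        require(amount <= withdrawable, "would drain swap reserve");
        token.safeTransfer(msg.sender, amount);
    }
}
```

The same guard shape applies to findings 1 and 5: a `require` on the constructor arguments of EpicToken and a `require` that the mintable contract is still unset before `setMintableContract` assigns it.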
Conclusion
The ImmuneBytes audit of Ethernity found no critical or high-severity issues, indicating a well-structured and secure contract design. However, five minor vulnerabilities were identified, and recommendations were provided to improve security and robustness.
By addressing these issues, Ethernity can further enhance the integrity of its smart contract ecosystem, ensuring a secure and reliable platform for its users. ImmuneBytes remains committed to assisting blockchain projects in strengthening their security and fostering trust in the Web3 ecosystem.
