background
logo

Security Audit Report for PumpBTC Contracts

DESCRIPTION

The audit focuses on PumpBTC Contracts, enabling users to stake Wrapped Bitcoin tokens into the PumpStaking contract and mint pumpBTC tokens at a 1:1 ratio. These assets are then unwrapped into BTC for staking and rewards on Babylon. The protocol offers standard and instant unstake options with fees.

The scope includes only the contracts in the contracts folder, excluding other files and assuming dependencies are reliable.

Our iterative audit process covers the initial version and subsequent versions addressing discovered issues. We utilize automated scans, manual verification, and business logic analysis to identify security issues and provide optimization recommendations.

We identified that the codebase contains a high-risk issue, promptly addressed by the PumpBTC team. Additionally, we have put forth recommendations to further strengthen the code logic, along with notes that should be taken into consideration. It is important to note that the scope of our audit was strictly limited to the specific code versions mentioned in the report. Any updates made subsequent to our review would require a re-evaluation.

KEY FINDINGS

In total, we find 1 potential issues in the smart contract. We also have 3 recommendations and 3 notes, as follows:

High Risk: 1
Medium Risk: 0
Low Risk: 0
Recommendation: 3
Note: 3
ID Severity Description Category Status
1 High Potential precision loss in the stake function DeFi Security Fixed
2 - Remove redundant code Recommendation Acknowledged
3 - Add checks on the new staking limit Recommendation Fixed
4 - Follow CEI pattern in the PumpStaking contract Recommendation Fixed
5 - Potential precision loss in the unstakeInstant function Note -
6 - About the off-chain logic Note -
7 - Potential centralization risks Note -

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!