This case study provides an in-depth analysis of the Bluefin Audit Contest conducted by the HackenProof team from February 13 to March 17, 2024. It highlights the audit’s scope, findings, the distribution of rewards, and the pivotal role HackenProof played in enhancing the platform’s security while optimizing the developers’ efforts.
About Bluefin
Bluefin is a decentralized perpetuals trading platform built on the Sui blockchain. It delivers sub-second trades that are finalized on-chain and reflected instantly in the user interface, offering high-performance trading while bridging the web2 and web3 experience.
Audit Overview
HackenProof’s security contest aimed to identify vulnerabilities in Bluefin’s smart contracts, focusing on issues that could compromise the platform’s security and user trust. The audit combined automated and manual analysis techniques to provide a holistic evaluation of the smart contracts’ security posture.
Key Findings and Statistics
The audit revealed a total of 18 valid reports, classified by severity as follows:
- High Severity: 3 reports concerning funds locking, improper access control, and arbitrary deletion of order statuses.
- Medium Severity: 3 reports highlighting risks related to single-step ownership transfers, share manipulation, and oracle price update failures.
- Low Severity and Informative: The remaining findings focused on gas optimization and best practices, contributing to the platform’s overall resilience and efficiency.
Rewards Distribution
A total of $22,500 was disbursed as rewards, distributed among the severity categories to incentivize and acknowledge the efforts of the participating security researchers:
- 40% for critical issues (no critical issues were identified, so this allocation was not paid out)
- 30% for high severity issues
- 15% for medium severity issues
- 5% for gas optimization issues and best practices.
Impact and Efficiency
By addressing the vulnerabilities identified, Bluefin significantly enhanced the security and integrity of its platform. The audit not only prevented potential security breaches but also saved the Bluefin development team considerable time and resources.
This efficiency gain was made possible by the HackenProof team’s direct involvement in triaging the reports, which allowed Bluefin’s developers to focus on implementing the recommended fixes without the overhead of validating each report’s legitimacy and severity.
“Security is a continuous journey, not a one-time checkpoint. The successful completion of this audit marks a significant milestone in our ongoing efforts to ensure the highest security standards. Inspired by the insights from the HackenProof team, we are more committed than ever to maintaining an active and robust security posture through continuous assessments.” – The Bluefin Team
Conclusion
The Bluefin Audit Contest, facilitated by HackenProof, exemplifies the indispensable value of rigorous security audits in the DeFi ecosystem. The efficient triaging and prioritization of issues by HackenProof underscore the benefits of partnering with experienced security professionals to streamline the audit process, thereby enabling developers to allocate their resources more effectively toward innovation and platform enhancement.
Recommendations
We strongly advocate for ongoing security assessments and the incorporation of public bug bounty programs as foundational components of any DeFi platform’s security strategy. These initiatives are vital for maintaining the highest standards of security and user trust in the dynamically evolving DeFi landscape.
About HackenProof
At HackenProof, we are dedicated to fortifying the cybersecurity posture of the digital world. Our collaborative approach to vulnerability discovery and smart contract auditing equips our clients with the insights and tools needed to navigate the complexities of blockchain security with confidence.