The smart contracts underpinning the 21.co Wrapped Tokens have successfully completed a rigorous security audit by Halborn, a leader in blockchain security and mitigation. The audit found no high or critical vulnerabilities, and the Halborn team actively identified potential risks leading up to the launch of our 21.co Wrapped Tokens. Their efforts enhance our continuous integration (CI) and continuous deployment (CD) pipeline in the process.

21.co Wrapped Tokens rely on smart contracts facilitated by Onyx, our proprietary operating system to support the minting and burning process. Onyx ensures security through certified institutional-grade custodians, leading security and compliance software providers, and a world-class operations team. As an extra layer of precaution, 21.co enlisted Halborn to conduct a penetration test to further solidify the security of our automated smart contracts. 

While the 21.co Wrapped Tokens adhere to a standard ERC-20 specification, third-party review is essential, particularly to ensure security for minor customizations. The primary focus was on the authorization process for minting and burning tokens, but the audit also analyzed potential interactions with external smart contracts, code legibility, and fee optimization.

Halborn Auditing Techniques Explained

The audit process begins with code preparing and initiating a code freeze to guarantee the accuracy of the results. We supplied documentation and code tests to help Halborn conduct their review. The audit involved a manual, line-by-line review of the logic, unit, and integration tests, as well as a unique testing system called fuzzing, adding another layer of automated security. Fuzzing introduces a wide range of random inputs to assess potential errors stemming from poor input sanitization, a common source of security flaws in both Web2 and Web3 systems.

The Halborn audit also analyzed potential non-code vulnerabilities, involving interactions with other DeFi protocols and tokens.

Audit Results

The audit report identified just two low-severity and two informational issues, helping to secure the project against edge cases. As the most critical component, the authorization module was improved following both internal and external review.

David Josse, CTO of 21.co, states, “21.co partnered with Halborn to assess the smart contracts underlying our newly released 21.co Wrapped Tokens. The team conducted an extensive code review and audit without incident. We take auditing seriously, and Halborn's expertise helps us to release products that prioritize security. We have several other audits underway with Halborn and look forward to continuing our partnership into the future."

At 21.co, security is a top priority. While the smart contract components of 21.co Wrapped Tokens maintain simplicity our emphasis on auditing remains intact. Learn more about 21.co Wrapped Tokens.