The smart contracts underpinning 21BTC on Solana have successfully completed a rigorous security audit by Halborn, a leader in blockchain security and mitigation. The audit found no high or critical vulnerabilities, and the Halborn team actively identified potential risks leading up to the launch of the token. Their efforts enhance our continuous and seamless issuance and deployment.
21BTC on Solana relies on smart contract interactions facilitated by Onyx, the 21.co proprietary operating system used to support the minting and burning process. Onyx ensures security through certified third-party custodians and a world-class operations team. As an extra layer of precaution, 21.co enlisted Halborn to conduct a penetration test to further solidify the security of our system and smart contracts token.
While 21BTC adheres to a standard SPL specification, third-party review is essential to provide transparency and trust. The audit covered the SPL standard behind the 21BTC token, including potential interactions with external smart contracts, code legibility, and interactions with different signing procedures.
Halborn Auditing Techniques Explained
From the Halborn Audit:
Halborn performed a combination of manual review and security testing based on scripts to balance efficiency, timeliness, practicality, and accuracy regarding the scope of this assessment. While manual testing is recommended to uncover flaws in logic, process, and implementation; automated testing techniques help enhance code coverage and can quickly identify items that do not follow the security best practices.
The audit process begins with code preparation. We supplied documentation and code tests to help Halborn conduct their review.
The audit involved a manual, line-by-line review of the logic, unit, and integration tests and a unique testing system called fuzzing, which adds another layer of automated security. Fuzzing introduces a wide range of random inputs to assess potential errors from poor input sanitization, a common source of security flaws in both Web2 and Web3 systems.
The Halborn audit also analyzed potential non-code vulnerabilities involving interactions with other DeFi protocols and tokens.
Audit Results
The audit report identified just two low-severity and two informational issues, helping to secure the project against edge cases. The most critical component of the authorization module was improved following internal and external review.
At 21.co, security is a top priority. While the smart contract components of 21.co Wrapped Tokens maintain simplicity, our emphasis on auditing remains intact. Learn more about 21.co Wrapped Tokens, including our newly launched 21BTC on Solana, here (link to announcement article).