Polemos has partnered with Halborn to undertake an audit of our new Armory Smart Contract.
Halborn is a blockchain security company used extensively and regarded as employing industry best practice.
The focus of the audit was to ensure that our Polemos wallet functionality was secure and safe for our lenders and borrowers, i.e. ensure that there will be no loss of assets for lenders or borrowers.
We have adopted stringent security standards and there are no identified risks for lenders or borrowers using our system. There is some risk of the service becoming unavailable (through denial-of-service attacks) but this does not impact the security of assets.
In the PDF document below you will find the current Polemos Lending audit report performed by Halborn. You can also download this PDF directly. More audits will be added over time.
All issues that were raised were resolved commensurate to their risk.
Notes and follow-ups:
- Initialisation and Deployment: acknowledged and will be reviewed during new deployments. Current deployment has been verified to be secure. e.g. HAL-09
- Front-run DoS on staking: Any attacker would have to invest and lose gas fees to use this and additionally we now have a check to confirm if they are a known wallet. HAL-15
- Possible Price variation for borrower: the borrower would be able to spot any variations since they will have to authorise the transaction. Hence it is rated as informational. HAL-25
- Polemos security: It is important to note that the customer is relying on a Polemos custodial wallet, and therefore its security as well.
Polemos and our partner providing this service have taken into consideration the security controls required to safeguard the wallet access and its assets. We have ensured that we use HSMs (Hardware Security Modules) to protect keys. Additionally we have key management processes that ensure unauthorised transactions cannot be performed even by our own staff.