Code Security: The Past, Present and Future

  1. The function, [PriceCalculatorBSC.sol] has been updated so that the token price oracle can use the Chainlink contract. The LP token price uses the code recommended by Alpha Homora. (ref: https://blog.alphafinance.io/fair-lp-token-pricing/) Using the decentralized price oracle from Chainlink, we are able to establish “Fair asset prices” that will mitigate future price manipulations.
    Feel free to check the DiffChecker: https://www.diffchecker.com/S918SMpo
    The changed code is on the right, highlighted in green; the previous code is on the left, highlighted in red.
  2. We have updated the code so that if there is an irregular pair balance in the pair contract of Bunny minter, the protocol will check it through, remove excess irregularities (dust) and remove liquidity seamlessly. We have back tested this strategy and have confirmed it to block a potential flash loan attack. Furthermore, the function, [BunnyMinterV2.sol] has also been updated whereby the performance fees accrued are not swapped into Bunny/BNB, but will be sent to the treasury contract in their respective tokens. Previously, performance fees were held in Bunny/BNB, resulting in a crash in the value, as the Bunny/BNB price was manipulated through the exploit. The minting calculation of the performance fee will now use the Chainlink price oracle data as seen above in #1.
    DiffChecker: https://www.diffchecker.com/mtT6bZPj
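
The fair LP pricing referenced in item 1, as an added example (not Bunny's PriceCalculatorBSC.sol code): it compares a reserve-sum valuation with the geometric-mean formula from the linked Alpha post on a fee-free constant-product pool. The pool sizes, oracle prices and function names are constructed assumptions.

```python
from math import sqrt

# Constructed sample pool and oracle prices; not taken from the page or any real pool.
P0, P1 = 300.0, 1.0            # external oracle prices of token0 / token1 (USD)
R0, R1 = 1_000.0, 300_000.0    # balanced reserves: R0 * P0 == R1 * P1
SUPPLY = 10_000.0              # LP tokens outstanding

def swap_token0_in(r0, r1, amount_in):
    """Fee-free constant-product swap (r0 * r1 stays constant); returns new reserves."""
    new_r0 = r0 + amount_in
    return new_r0, (r0 * r1) / new_r0

def reserve_sum_lp_price(r0, r1, supply, p0=P0, p1=P1):
    """Values the LP token from current reserves, so it moves whenever reserves are skewed."""
    return (r0 * p0 + r1 * p1) / supply

def fair_lp_price(r0, r1, supply, p0=P0, p1=P1):
    """Geometric-mean formula: depends only on k = r0 * r1 and the oracle prices."""
    return 2 * sqrt(r0 * r1) * sqrt(p0 * p1) / supply

def compare(amount_in):
    """Return (reserve_sum, fair) LP prices after a single large swap skews the pool."""
    r0, r1 = swap_token0_in(R0, R1, amount_in)
    return reserve_sum_lp_price(r0, r1, SUPPLY), fair_lp_price(r0, r1, SUPPLY)

if __name__ == "__main__":
    for amount in (0.0, 9_000.0):
        naive, fair = compare(amount)
        print(f"swap in {amount:>7.0f} token0: reserve-sum={naive:.2f}  fair={fair:.2f}")
```

Because a swap leaves r0 * r1 unchanged, the geometric-mean price stays at its balanced value while the reserve-sum price rises with the skew.
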
  1. We have received an audit for our single asset smart vaults from Hexlant Labs, a major auditing firm in Korea. We will be sharing the results soon!
  2. After we look through the quality of the SAV audit report, we will choose a few auditing firms to audit our entire code, including our upcoming Cross Chain. Our Cross Chain code is expected to be finished within the week, so we expect full audits from multiple firms starting within the next few weeks.
  3. We have most recently onboarded a core member of our development team who has a PhD degree in computer science, 12 years of coding experience and 5 years of experience from one of Korea’s leading cyber security research centers. We expect that his addition to the team, and his professional connections in the world of white hats (ethical hacking), will strengthen Bunny’s cybersecurity and internal code.
  4. We have some exciting new ideas for a native in-house insurance product. It is still in the ideation phase, but we hope to roll this out in the near future, to act as an additional level of security buffer.
  5. As stated in our “Go Forward Plan”, our new, innovative lending platform, codename “QFI”, will be ready for a soft launch in 2 months’ time. Our single asset vaults, which serve as an integral part of our future cross chain launch, currently have an external exposure to the Venus Platform. As such, after launching QFI, we will be vertically integrating this lending platform into our single asset vaults, resulting in a seamless, end to end cross chain that is controlled and developed all in-house. This shift will mitigate future vulnerabilities tied to external platform exposure.

Bunny Finance

One of the most popular auto-compounding yield aggregators on the Binance Smart Chain. https://pancakebunny.finance/