Rewind Protocol Successfully Completes Pessimistic Security Analysis Audit

We are pleased to announce that the Rewind Protocol security analysis audit by Pessimistic is complete.

The goal of the audit is to identify any potential security risks and provide recommendations for mitigating those risks.

We take these actions very seriously because we are dedicated to the safety of our ecosystem.

Here is a brief summary of the report from the Pessimistic audit:

The audit was carried out to consider the security of Rewind Protocol smart contracts and mitigate vulnerabilities in the source code.

Pessimistic examined the code manually and additionally scanned the project with the static analyzer Slither.

Pessimistic paid additional attention to the following parts of the code:

  1. The permit functionality is utilized correctly.
  2. Functions have proper access control.
  3. USDT is integrated correctly, and its features (i.e., decimals 6) don’t break the project logic.
  4. One cannot manipulate a pool rate to their advantage.
  5. Upgradability is implemented correctly.
  6. Gas usage is optimized.
  7. Arithmetic operations and type casts cannot lead to over/underflow.
  8. OpenZeppelin dependencies are initialized correctly.

The initial audit showed one critical issue, three medium-severity issues, and several low-severity issues. However, after the initial audit, Rewind Protocol developers updated the code and fixed all critical and medium-severity issues, and some of the low-severity issues as well.

A critical issue found by Pessimistic was related to front-running withdrawal. In order to avoid a situation where anyone can front-run a call to withdraw with a discount and re-use the user’s permit for other purposes, we have restricted access to this function, allowing this action for the service role only.

The three medium-severity issues found by the audit are related to the Token contract. Rewind Protocol has resolved all of the above as well as fixed and optimized low-severity issues.

The Pessimistic audit is another important milestone for Rewind Protocol. We’re fully committed to securing our ecosystem. You can read the full report here.

We appreciate your trust and patience. With such support and loyalty, we are ready to step forward!