Audits & Formal Verification

Security Reports

Important Information About Audits

Silo v1.1.1 was fully audited by QS and ABDK. Deployed version differs from the audited version. All Silo versions are formally verified. Read on.

The core contributors team followed rigid processes to develop and secure the Silo protocol, including:

  • Writing comprehensive unit tests

  • Verifying contracts against written rules (a process known as Formal Verification)

  • Conducting extensive internal code reviews

  • Hiring two reputable auditors to audit contracts

  • Running a security bounty program through Immunefi

Silo v1.1.1 refers to core smart contracts that implement permissionless isolated lending markets governed by the Silo DAO. Version v1.1.1 was fully audited by Quantstamp and ABDK. Upon the conclusion of the audits, the core team tested audited contracts against various formal verification rules using the Certora Prover (the process is known as Formal Verification).

The Formal Verification revealed a few critical vulnerabilities that went undiscovered in both the ABDK and Quantstamp formal audits. The team fixed those vulnerabilities and released a new version of smart contracts. Rather than repeating the full audit again, the team extensively reviewed the code and tested it against formal verification rules. Smart contracts pass all Formal Verification specifications. Please see the Formal Verification report

While we believe the audited version Silo v1.1.1 and deployed version do not vary materially, we cannot guarantee the security of any shipped deployments including the currently deployed version.

Going forward, the core team will only audit new versions of the protocol–that is, when there are major upgrades to the architecture of the protocol. The core team has already retained Trail of Bits to audit Silo V2.

Silo beta imposes deposit caps in launched markets (Silos) to limit users’ exposure. During the first 4 weeks of beta, the core team will work with the white hats community through Silo’s bounty program to further improve the protocol’s security.

Last updated