Smart Contract Security in DeFi: How softstack audited fija

Decentralized finance (DeFi) continues to evolve, providing new opportunities for automated financial services. However, with innovation comes risk, and security vulnerabilities in smart contracts can lead to financial losses and reputational damage. At softstack, we specialize in comprehensive blockchain security audits, ensuring that protocols maintain the highest levels of security, efficiency, and compliance.


Client: fija

Project: institutional DeFi protocol

Industry: Web3

Service: multiple smart contract audits

One of our recent engagements involved working with fija, a crypto earn product offering automated and tokenized investment strategies. Since June 2023, we have conducted four independent security audits for fija, focusing on its core protocol, vault mechanisms, and key DeFi integrations.

This article outlines our audit methodology, key findings, and how we helped fija strengthen its smart contract security.

About fija: A Complex and Innovative DeFi Protocol

fija is a fintech company based in Munich, Liechtenstein and the Czech Republic, specializing in automated and tokenized DeFi yield strategies. fija is transforming how people earn interest on their crypto assets with a compliant, transparent, and easy-to-use “Crypto Earn” product. By offering MiCAR- and MiFID-compliant crypto yield products, fija enables users to earn yield while maintaining compliance with financial regulations. In doing so, fija bridges the gap between traditional and decentralized finance, making DeFi more accessible, sustainable, and integrated into the broader financial ecosystem.

At its core, fija enables automated investment strategies by integrating with leading DeFi protocols, including:

  • Aave – Lending and borrowing strategies
  • GMXv2 – Perpetual futures and decentralized trading
  • Curve & Convex – Liquidity and yield optimization

fija’s architecture is highly complex, efficiently allocating assets across multiple DeFi protocols to optimize returns while managing risk. The protocol employs a smart contract whitelisting system to ensure security and prevent unauthorized access to user funds.

Given the technical complexity and the financial stakes involved, fija required a rigorous audit process to verify the security of its vaults, investment strategies, and transaction mechanisms.

Scope of the Audit

The four audits conducted by softstack covered the following components of the fija protocol:

  1. Vault & Core Protocol – The foundational infrastructure managing deposits, withdrawals, and overall fund security
  2. Curve & Convex Strategies – Yield farming integrations designed to maximize returns while minimizing slippage and impermanent loss
  3. GMXv2 Strategies – Smart contract mechanisms for perpetual trading and leveraged strategies
  4. Aave Optimizer – Automated allocation of assets across lending and borrowing pools


To assess the security of these components, we applied a multi-layered approach, including:

  • Codebase review for vulnerabilities and adherence to best practices
  • Automated and manual penetration testing
  • Analysis of external dependencies and third-party integrations
  • Validation of access controls and transaction security

Key Security Findings

Throughout the audits, we identified over 50 vulnerabilities across various components. While no critical security risks were found, several medium- and low-severity issues were reported and addressed.

Vault & Core Protocol Security Enhancements

  • Some withdrawal functions lacked robust access control, potentially allowing unauthorized fund transfers.
  • Fund allocation mechanisms required optimization to prevent underutilization of assets.

Curve & Convex Strategy Hardening

  • Slippage protection was not consistently enforced, making transactions vulnerable to front-running attacks.
  • Misallocation of funds during rebalancing operations.

GMXv2 Strategy Risk Mitigation

  • Improper handling of large withdrawal requests could lead to liquidity shortages.
  • Some function calls lacked input validation, potentially allowing unintended contract interactions.

Aave Optimizer Smart Contract Refinements

  • Fund reallocation logic did not account for edge-case scenarios, leading to inefficiencies.
  • Lack of a fail-safe mechanism for swap transactions.


All identified vulnerabilities were resolved and covered by unit tests to prevent future issues.

Learn more about the audit findings → Read the full report on GitHub

Collaboration and Continuous Security Improvements

A smart contract audit isn’t just about finding vulnerabilities—it’s about ensuring long-term security and resilience. fija actively collaborated with our audit team, promptly addressing each finding and implementing all recommended improvements.

Key enhancements from our partnership include:

  • Strengthened smart contract security mechanisms
  • Improved transaction handling and fund allocation processes
  • Enhanced documentation and security best practices


fija’s proactive approach to security ensures that users can interact with fija’s earn products confidently, knowing their assets are protected.

Why Smart Contract Audits Matter for Enterprise DeFi Solutions

With the continued expansion of decentralized finance, security remains a critical concern for enterprise clients, institutional investors, and DeFi developers. A single smart contract vulnerability can lead to millions in losses, making regular security assessments essential.

For DeFi protocols, smart contract audits provide:

  • Protection against financial and reputational risk
  • Compliance with financial regulations and investor requirements
  • Optimized performance and reduced transaction costs
  • Higher trust and credibility within the blockchain ecosystem


At softstack, we help businesses, financial institutions, and DeFi platforms strengthen their security posture through deep technical expertise and real-world attack simulations.

Final Thoughts: Setting the Standard for DeFi Security

fija’s commitment to security sets a benchmark for responsible DeFi development. By undergoing extensive audits and implementing industry best practices, they have reinforced trust in their earn product and ensured the integrity of their investment strategies.

As DeFi continues to evolve, strong security frameworks and proactive risk mitigation will be essential for long-term success. Whether you are a startup or an established protocol, ensuring the security of your smart contracts is critical for maintaining investor confidence and regulatory compliance.

Want to strengthen your DeFi security? softstack offers top-tier smart contract audits and risk assessments to help you stay protected.

To learn more about our security services or schedule an audit, contact us at hello@softstack.io.

 
