Smart Contract Audit

We recently had the opportunity to conduct a comprehensive audit of Velvet Capital‘s core v3 contracts of its latest productVelvet Capital, a leading Intent OS streamlining DeFi portfolio management & social trading, backed by Binance Labs, has developed an innovative solution to address key challenges in the DeFi space. Our audit aimed to ensure the security and efficiency of their smart contracts, supporting Velvet Capital’s mission to revolutionize on-chain fund management. 

softstack smart contract audit report on velvet capital

Client

Velvet Capital

Project

Solidity Smart Contracts

Industry 

DeFi

Service

Smart Contract Auditing

Client Overview

Velvet Capital stands out in the DeFi landscape with its comprehensive suite of tools designed for both seasoned professionals and DeFi enthusiasts. Their platform facilitates seamless trade execution, yield farming, and strategy automation across multiple blockchain ecosystems. We were particularly impressed by their emphasis on security and efficiency, exemplified by their non-custodial vaults and automated trading strategies. 

Scope of the Audit

Our team at softstack approached this audit with a focus on several critical areas: 

  1. Compliance with Best Practices: We rigorously checked for adherence to smart contract best practices, including safeguards against common vulnerabilities like reentrancy attacks and overflow/underflow issues. 
  2. Effective Role-Based Access Control: Our audit verified the proper assignment and management of roles to ensure only authorized entities could execute privileged functions. 
  3. Secure Token Transfer Functions: We thoroughly evaluated token transfer functions to protect against unauthorized transfers and balance manipulation. 
  4. Accurate Fee Calculation and Charging Mechanisms: Our team validated fee calculation and charging mechanisms to ensure correct implementation and application during deposits and withdrawals.
  5. Correct and Secure Initialization Processes: We verified the secure and correct execution of contract initialization processes. 
Audit Findings

Our comprehensive audit, combining manual review and automated analysis, uncovered around 50 issues, categorized by severity. Key findings included: 

High Severity Issues: 

  • Incorrect Parameter Order in Function Call 
  • Incorrect updated At Value Retrieval


Medium Severity Issues

  • Division by Zero in Portfolio Calculations Contract 
  • Incorrect Calculation Due to Mismatched Array Lengths 
  • Division Before Multiplication in Fee Calculations and Portfolio Calculations Contracts 
  • Potential Issue with UUPS Upgradeable in the _upgrade Function 


We also identified multiple low severity and informational issues related to Solidity style guide compliance, missing NatSpec comments, and optimization opportunities. 

Methodology

At softstack, we pride ourselves on our thorough approach. Our audit involved: 

  • Line-by-line review of the provided smart contract files 
  • Comparison with specifications 
  • Extensive testing to uncover potential vulnerabilities 
  • Use of advanced automated tools for symbolic execution and test coverage analysis 


We were pleased to see Velvet Capital’s swift response in addressing the identified issues, demonstrating their commitment to maintaining a secure platform. 

Conclusion

Our audit of Velvet Capital’s Core v3 contracts of their latest product reinforces their dedication to enhancing security and reliability in the DeFi space. By addressing the identified vulnerabilities and adhering to best practices, Velvet Capital has significantly strengthened its platform’s security posture. 

This audit showcases softstack’s expertise in conducting thorough, insightful smart contract audits. Our ability to identify and help resolve complex issues across various severity levels underscores our position as a leading security partner in the Web3 space. 

Call to Action

At softstack, we continue to provide top-tier auditing services for smart contracts across various blockchain platforms. Our expertise in smart contract security, penetration testing, and Web3 infrastructure ensures that your projects are secure and compliant. 

Are you developing a DeFi platform or any blockchain-based application? Don’t leave your security to chance. Contact softstack today to learn how we can help safeguard your blockchain applications and enhance your platform’s security. 

For more information about Velvet Capital, visit: 


For a detailed look at our audit process and findings, check out the complete Smart Contract Audit Report [GitHub]. 

Services we provide

Web3 Development

Web3 Security

Web3 Consulting

Softstack Case Studies

Click through our success stories and see how we have helped other companies
achieve their Web3 goals.

softstack smart contract audit report on velvet capital

Smart Contract Audit

Discover how softstack's comprehensive smart contract audit strengthened Velvet Capital's DeFi platform. Learn about our expert findings, methodology, and the importance of security in blockchain development.
Explore

Technical Due Diligence MC² Finance

The role of Technical Due Diligence towards successful fundraising
Explore

Payment Gateway

Explore our case study on dimo, a groundbreaking digital currency platform in Africa, designed for high security, efficiency, and user-friendliness. Learn how our innovative blockchain integration and strategic development led to dimo's success.
Explore

Wallet

Uncover how we crafted a non-custodial crypto wallet that seamlessly merges high-security standards with an intuitive interface, catering to both experienced crypto enthusiasts and Web2 newcomers.  
Explore

NFT Ticketing

Discover how our expert consulting, innovative strategies, and effective project management helped NFT-Tix revolutionize the event ticketing industry with a secure, efficient, and user-friendly NFT-based platform.
Explore

NFT Marketplace

Discover how we built a robust and user-friendly NFT marketplace from scratch, integrating appealing UI/UX design with secure smart contract functionality, ready for a highly-anticipated public launch.
Explore
Previous
Next

We’re here to be your preferred service partner
for development, security and consulting in Web3. 

Request Audit

EXPLORE

Contact
Career
Press & Branding
Insights

SERVICES

Web3 Development
Web3 Security
Web3 Consulting

EXPERTISE

Ecosystems
Programming Languages

Twitter Linkedin Github Telegram
hello@softstack.io
Legal Notice   Privacy Policy   Disclaimer

Copyright © 2017-2024 Softstack GmbH (formerly Chainsulting). All rights reserved.