saddle.finance
Search…
1.0.0
Smart Contract Security
We hire well reputed external agencies to audit our smart contract codes.
Smart contracts are subject to flaws, coding errors, unintended behavior, and inefficiencies. Once deployed in the blockchain, smart contracts are immutable (cannot change). At Saddle, we take the security of the smart contract seriously.
We conduct our own internal security audit of the smart contract code we’ve written. As a further check, to make sure Saddle’s code is proper and working as intended, we hire well reputed external agencies to audit our smart contract codes.
As for now, we have passed security auditing on all Saddle smart contracts, from the following auditors, with no issues.
AUDITOR
PROTOCOL AUDIT
VIRTUAL SWAP AUDIT
TOKEN AUDIT
Disclaimer: Security audits don’t eliminate all risks. Using Saddle as an exchange for a user should be significantly less risky, but please bear in mind there are still risks. Refer to the risks section for more details.
Certik Audit Report
Founded in 2018 by professors at Yale University and Columbia University, CertiK is a pioneer in blockchain security, using best-in-class AI technology to secure and monitor blockchain protocols and smart contracts. CertiK’s mission is to secure the cyber world. Starting with blockchain, CertiK applies innovations from academia into enterprise, enabling mission-critical applications to be built with security and correctness.
CERTIX AUDIT REPORT FOR SADDLE PROTOCOL - 29 OCT 2020
Quantstamp Audit Report
Quantstamp is the leader in blockchain security, having performed over 200 audits and secured over $100 billion in value. Their top team of PhDs and security professionals have a combined total of over 1,000 Google Scholar citations. They have audited many blockchain systems, including Ethereum 2.0, Binance Smart Chain, Flow, Cardano, and Avalanche and have secured successful innovative applications such as Maker, Compound, and NBA Top Shot.
QUANTSTAMP AUDIT REPORT FOR SADDLE PROTOCOL - 10 DEC 2020
QUANTSTAMP AUDIT REPORT FOR SADDLE VIRTUAL SWAP – 31 MAR 2021
OpenZeppelin Audit Report
Founded in 2015, OpenZeppelin has set industry standards for building secure distributed systems. OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies. OpenZeppelin verifies the distributed systems work as intended by performing an audit. Their engineers fully review the system's architecture and codebase and then write a thorough report that includes actionable feedback for every issue found.
OPENZEPPLIN AUDIT REPORT FOR SADDLE PROTOCOL - 11 DEC 2020
SADDLE ADMIN KEYS SECURITY
A Gnosis Safe multisig secures Saddle’s admin keys. Gnosis is a trusted platform to manage digital assets in Ethereum. Gnosis Safe is a smart contract wallet running on Ethereum, which requires a minimum number of people to approve a transaction before it can occur (M-of-N). This assures that no single person could compromise the funds.
A 3/7 Gnosis Safe multisig secures Saddle's admin keys. The signers are Mariano Conti, Kain Warwick, DegenSpartan, Klim K, Damir Bandalo, scoopytrooples, and Aurelius.
NAME
ENS
ADDRESS
This 3/5 multisig has capabilities to pause new deposits and trades in case of technical emergencies. Users will always be able to withdraw their funds regardless of new deposits being paused. The multisig can also change the swap/withdrawal fees and the per pool/account deposit limits.
BUG BOUNTY PROGRAM
Our goal is to provide you with the safest Saddle protocol. We encourage the community to help us find bugs or vulnerabilities in the protocol. The bounty reward is up to US$ 50,000. Help us find an issue and earn a reward for your service.
Report Via Email
Report bugs and issues for Saddle protocol by sending an e-mail to [email protected]. Please include the following details in your email:
- Subject: A subject field summarizing the bug/issue
- Description: Provide detailed information in the email body - detailed information about the issue, steps to reproduce the bug, any other details needed to help identify and resolve the problem, etc.
- Attachments: Supporting documents & attachments like screenshot, video, logs, etc)
- Your name and e-mail
- Your wallet address: Please specify your network and wallet address
Report Via Other Channels
Report your findings via any one of these channels.
REPORT HERE
LINK
Discord (#support channel)
Telegram
Immunify Bug Bounty
Terms & Conditions
The Terms and Conditions cover your participation in the Bug Bounty Program. By submitting any vulnerabilities to Saddle Finance or otherwise participating in the Program in any manner, you accept these Terms.
Last modified 3mo ago