2nd Audit Completed — Optimizes Core System and Bridge Functionality— by Security Research Labs

BalanceAI Network
5 min readNov 12, 2024

We are excited to announce the successful completion of BalanceAI’s second smart contract security audit, conducted by Security Research Labs (SRL). This audit focused on the core platform components, including the BalanceAI Bridge, ensuring the security and efficiency of cross-chain interactions between Ethereum and BalanceAI Network (Substrate).

SRL thoroughly reviewed our smart contracts and bridge, addressing all identified critical vulnerabilities, optimizing gas efficiency, and enhancing platform security. With these issues resolved, we are closer than ever to the mainnet release.

For a detailed overview of the audit findings and improvements, we invite you to read the full report, link share below. You can explore the first audit report for additional context.

Audit Overview

Our smart contract system and the BalanceAI bridge were extensively tested to ensure they meet the highest standards of security and performance. The audit report highlights several key areas where improvements were made, ensuring a smooth and secure user experience. Here’s a brief overview of the critical aspects that were audited and optimized:

The comprehensive security audit of BalanceAI, conducted by Security Research Labs (SRL), focused primarily on optimizing the core system and bridge contract of the platform. The audit covered key aspects including gas optimization, dependency updates, function visibility improvements, and a thorough review of the Bridge Security and Optimization to ensure that BalanceAI’s platform is both secure and efficient for users.

All identified issues have been mitigated, ensuring the platform operates with optimal security and performance. We invite you to explore the full audit report for a detailed breakdown of the vulnerabilities and the solutions implemented.

Read the complete audit report here to learn more about the measures taken.

https://github.com/balanceainetwork/audits/blob/main/SRL-BalanceAI-baseline_security_assurance-report-2.0.pdf

Key Audit Highlights and Improvements:

1. Gas Optimization:

A major component of this audit was addressing inefficiencies in gas consumption, which is critical for ensuring cost-effective transactions for users.

Uncached Use of array.length: One significant issue identified was the uncached use of array.length during iterations, which involved accessing the length of arrays directly from storage in every loop. This approach led to unnecessary gas consumption and transaction costs.

Solution: The team resolved this by caching the array length in memory during the iteration process. This optimization reduces the number of storage reads and, as a result, lowers gas costs for users, improving the overall efficiency of transactions on the network.

2. Updated Dependencies:

Deprecated Dependencies: During the audit, it was discovered that some of the dependencies used, particularly those from the OpenZeppelin library, were outdated. Using deprecated versions can lead to performance inefficiencies and potentially higher gas costs.

Solution: All outdated dependencies have been updated to OpenZeppelin 5.0.0 to ensure compatibility with the latest standards and improvements. This upgrade not only ensures better performance but also minimizes unnecessary gas usage by incorporating the most efficient implementations available.

Manual Optimization: In addition to updating dependencies, the audit also revealed the need for manual intervention to improve specific functions. For example, the functions increaseAllowance() and decreaseAllowance() were manually optimized to ensure compatibility with the latest versions and to further reduce gas costs.

3. Function Visibility for Gas Efficiency:

Public vs. External Functions: The visibility of smart contract functions plays a crucial role in optimizing gas usage. Functions that are only called externally should be designated as external rather than public, as this distinction reduces computational overhead.

Solution: The audit highlighted several functions that could benefit from this adjustment. As a result, we optimized the contract by changing the visibility of such functions from public to external, reducing unnecessary gas consumption and improving overall contract performance.

4. Bridge Security & Optimization:

The BalanceAI Bridge is a key part of the platform’s cross-chain functionality, enabling secure asset transfers between Ethereum and Substrate. The audit focused heavily on evaluating the bridge’s security, efficiency, and optimization to ensure it can handle transactions safely and cost-effectively.

Bridge Contract Review: The SRL audit meticulously reviewed the Bridge contract, which facilitates asset teleportation between chains. The team thoroughly tested the bridge for potential vulnerabilities that could be exploited by malicious actors, such as issues related to nonce mismatches or insufficient safeguards against abuse.

Solution: All potential vulnerabilities were addressed, including the implementation of secure cross-chain liquidity checks, and rate-limiting mechanisms to prevent abusive behavior. These optimizations ensure that transactions between Ethereum and Substrate are secure and efficient, with minimal risk of exploitations.

Teleportation Safeguards: In addition to general security, the audit identified gaps in the safeguards around token teleportation, which could allow privileged participants to manipulate or abuse the system. This vulnerability has been fully addressed, ensuring that all users can now trust the teleportation mechanism to be secure and fair.

Outcome and Future Steps:

With all identified security issues successfully addressed and resolved, including the issues related to the Bridge and core system optimizations, BalanceAI is now fully prepared for its mainnet launch. These improvements significantly enhance the platform’s overall security, performance, and scalability, ensuring that BalanceAI can offer users a seamless and efficient experience with secure cross-chain ($wBAI — $BAI) asset transfers.

More information and official social media channels to participate and stay updated can be found at:

Website: balanceai.network

GitHub Repository: BalanceAI GitHub

Medium Blog: BalanceAI Medium

Social: BalanceAI Media

Docs: BalanceAI Documentation

Contact: Contact Form

--

--

BalanceAI Network
BalanceAI Network

Written by BalanceAI Network

BalanceAI is an open-source protocol that powers a decentralized, blockchain-based AI Models Marketplace.

No responses yet