Paxos Standard (PAX) Stablecoin Audit Report Released, No Security Issues Found

Paxos Standard (PAX) Audit Report Released Online

Nomic Labs, a smart contract and decentralized system auditing company, just released its audit report for the Paxos Standard (PAX), including the Paxos Stablecoin system.

You can view the full report here: https://medium.com/nomic-labs-blog/paxos-standard-pax-audit-report-ca743c9575dc.

“We conducted two security audits of the Paxos Stablecoin system, Paxos Standard (PAX), and no vulnerabilities were found,” according to auditors at Nomic Labs.

However, security auditors did have recommendations around the Paxos system. The Paxos team has already responded to those recommendations.

Earlier this week, New York-based Paxos released a USD-backed stablecoin approved by New York regulators. The news came the same day as the release of the Gemini Coin, launched by crypto exchange giant Gemini as another New York regulator-approved, USD-backed stablecoin.

Paxos is described as a Blockchain Trust company. The company markets itself as “a fiduciary and qualified custodian of customer funds.” Now, it aims to enter the market in a big way with the launch of a safe, regulated stablecoin.

What Did Auditors Find?

Typically, Nomic Labs will separate its audit into different issues based on severity, including critical severity, high severity, medium severity, and low severity. Auditors did not find issues with any level of severity during the Paxos audit.

Auditors did have four recommendations and comments for the Paxos project, including:

  • Consider using pragma experimental “v0.5.0”, as it’s been recommended by Solidity since version 0.4.21. This pragma opt-ins to upcoming breaking changes.
  • StablecoinImplementation#initialize returns an unused boolean. The intention for doing so is not clear. We recommend documenting it or removing the return value.
  • StablecoinImplementation#setSupplyController and transferOwnershipemit events before modifying the state. We recommend using the Checks-Effects-Interactions Pattern in every function that modifies the state.
  • StablecoinImplementation#setSupplyController doesn’t check that _newSupplyController is not 0x0, which can lead to accidental misconfigurations in the system.

Paxos Has Responded To All Four Of The Comments And Recommendations.

The Nomic Labs audit also mentioned another interesting thing about the Paxos system: the Paxos stablecoin is an ERC20 token, but ERC20 functions like allowance, approve, and transferFrom are not present.

“Removing these functions will decrease the interoperability of the token, as most contracts dealing with ERC-20 use them. For instance, the 0x protocol uses them to execute trades without getting custody of the users’ funds.”

Paxos provided an explanation to auditors describing why these functions were not included. However, the Nomic Labs auditors “consider the explanation to be incomplete.” Later, Nomic Labs updated their audit to explain that Paxos had added the standard implementation for ERC-20 tokens.

Another important thing to note is the Paxos approach to law enforcement. The auditors noted that Paxos has the ability to freeze the system to keep the token KYC friendly.

“However, the current implementation doesn’t protect against front running. A highly sophisticated attacker might observe non-settled freeze attempts in the blockchain and race it with a transaction to transfer the coins from the being-frozen address to a second address in a cat-and-mouse game.”

Paxos responded by stating that pausing the contract is a highly visible and highly disruptive action for the utility of the token because it does not allow anyone to transfer. Paxos does have a system in place to mitigate front running.

They’ll submit freeze transactions with high gas prices, for example, to ensure the transactions are quickly mined into the blockchain, removing the potential for a “cat and mouse” game.

Conclusion

Despite the numerous comments and recommendations, auditors from Nomic Labs insisted they found no major issues during their audit of Paxos:

“No security issues were found. Some changes were proposed to reduce potential attack surface, and the Paxos team has applied the fixes described above.”

Earlier this week, it was reported that Paxos, a Blockchain Trust company, had launched a USD-backed stablecoin approved by US regulators. The news was announced at the same time as the Gemini Dollar announcement – another USD-backed stablecoin approved by New York regulators.

In any case, it looks like the Paxos stablecoin and Gemini Dollar will compete with each other over the coming months. Based on this audit from the smart contract security professionals at Nomic Labs, Paxos has no security issues at present.

Get Free Email Updates!

*Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

Avatar
Bitcoin Exchange Guide News Team
B.E.G. Editorial Team is a gracious group of giving cryptocurrency advocates and blockchain believers who want to ensure we do our part in spreading digital currency awareness and adoption. We are a team of over forty individuals all working as a collective whole to produce around the clock daily news, reviews and insights regarding all major coin updates, token announcements and new releases. Make sure to read our editorial policies and follow us on Twitter, Join us in Telegram. Stay tuned. #bitcoin

[Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer

LEAVE A REPLY

Please enter your comment!
Please enter your name here

3,441FansLike
2,795FollowersFollow
4,193FollowersFollow

Live Bitcoin Price & Latest BTC Charts

Today's Latest Crypto News

Bitfinex & Tether Class Lawsuit Revised; Adding Bittrex and Poloniex to Alleged BTC Price Manipulation

Revised lawsuit on Bitfinex’s alleged price manipulation of the market using Tether (USDT) during the 2017 bull run to $19,800 has added two...

‘Masked Hero' Calling to ‘Buy Bitcoin' Amidst the Peaceful Protests and Riots in the US

Bitcoin is taking an active part in the riots across America. People are protesting since last week over the death of George Floyd,...

DiversiFi, Formerly Ethfinex, Launches Its DEX 2.0 With Starkware; Processing 9,000 + TPS

Bitfinex sister decentralized exchange, DEX in short, DiversiFi, which relabeled from Ethfinex in August last year, announced a relaunch of their platform, now...

Bitcoin Difficulty Sees 2nd Largest Drop of 2020 to 9.29%; Hashrate & Price Continue to Dance

Today, the bitcoin network difficulty took a drop of 9.29% to 13.73 trillion, as per Coinwarz. This is the fourth downwards adjustment this year after...

Japan’s Top Banks Join Crypto Exchange-Led ‘Study Group' to Discuss Digital Payment System

Three Japanese banking industry heavyweights are joining arms in a study group to focus on digital payment settlement networks in the country. The...

BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.

Start Using Crypto Today