Red4Sec + BambooDeFi (CODEAUDIT) -UPDATE 1-

3 min readNov 8, 2020

The relevance of a code audit.

A code audit is the practice of validating a software security requirements guarantee by reviewing its code. Is the main and most important process carried out within the management of secure software development. At BambooDeFi we are very conscious of this and that is why we have the best. Red4Sec are auditors recommended by the biggest ones in the industry like KuCoin or Neo.

These are some of the projects audited by Red4Sec

Process of the Code Audit:

This process is mainly done by reviewing and reading the code. This code is presented as original source code and through SCs released in testnet. For its validation, reverse engineering techniques and very specialized software are applied.

This process is really a code review, a code quality control and a control over the security of the audited code.

In software development, security requirements must always be met, especially if we are talking about software capable of managing monetary capital. Writing a small script is not the same as developing a tool of the size of BambooDefi, as you can imagine…. the implications and risks involved are different.

As an example of transparency we want to show one of the audits.

This is one of the partial audits, performed on the central SC of BambooDeFi where we found various improvements that could be made.

The BambooDeFi ecosystem is formed by a lot of Smartcontracts that interact with each other, all of them will be audited by Red4Sec and once the possible errors are corrected and the recommended improvements are applied, we will receive the quality seal granted by Red4Sec

Risks

Failing to meet safety requirements is not as obvious as failing to meet quality requirements. For the second, any BambooDeFi user can detect and give feedback on these. Although a security hole can be detected “by accident”, it is common that they are discovered by looking for them through a malicious or unusual use of the application or by applying hacking techniques.

When should an audit be performed?

For BambooDeFi we had it very clear, it is better to perform several audits of each piece that composes the ecosystem of BambooDeFi than to perform only one when it is completely finished.
So, each BambooDeFi contract will be audited and tested intensively before its release on mainnet.

At NexxyoLabs we believe that all software development must be managed to solve its possible vulnerabilities and assess the risks, and that is why we have decided to audit the whole project before launching it. This practice is part of the security management standards implemented by NexxyoLabs for all its developments.