Zoth merges Traditional and Onchain Finance, creating robust pools for tokenizing and liquifying high-quality Real World Assets through innovative lending protocols.
Through a detailed 15-day audit, QuillAudits identifies and resolves critical vulnerabilities within Zoth's smart contracts, significantly improving the security and functionality of their financial ecosystem.
Zoth is a company that connects Traditional Finance (TradFi) and Onchain Finance, enabling new opportunities for enhanced liquidity and efficient tokenization mechanisms for Real World Assets (RWAs). The company's mutualized and robust pools are designed to tokenize and create liquidity for high-quality RWAs on-chain. Zoth's first product is a Lending Protocol that provides Crypto Lenders access to Insured & secured High Yield Trade finance & private credit products from emerging markets.
Zoth bridges Traditional Finance and Onchain Finance, accelerating the movement of assets and capital between these sectors. It does so with its Institutional Grade Fixed Income Marketplace, ZOTH-FI. This platform offers investors access to high-quality fixed-income assets such as Cross Border Trade Finance, Sovereign Government Bonds, and Corporate Credit via Stablecoins. Aimed at channeling trillions into sustainable Real World Assets (RWAs), Zoth enhances liquidity and facilitates efficient tokenization through robust, mutualized pools. The company prioritizes stringent regulatory compliance, ensuring secure and equitable access to finance globally across multiple jurisdictions.
Before a detailed security audit, Zoth's development team highlighted the ZothPool V3 module as a critical area for scrutiny. This module, built on the OpenZeppelin ERC-721 token standard, extends its capabilities to manage a lending pool where users can deposit funds, earn rewards, and influence pool parameters over specified periods. Given its central role in Zoth's operations, any vulnerabilities could severely impact the ecosystem. The audit was rigorously designed to probe for potential security breaches, including attack vectors and logical flaws, underscoring the importance of safeguarding financial processes. Comprehensive findings from the audit aimed to rectify immediate issues and fortify the overall resilience and efficiency of the ZothPool V3, ensuring its alignment with the financial stakes at hand.
Functional Testing:
Leveraged tools like Hardhat and Ganache to deploy and test the smart contract locally.
Highlights of Tests we carried out in Functional Testing
To ensure all functionalities of the Zoth ecosystem are working as expected; we conducted a series of functional tests. Here are the tests that were performed:
Ownership and Permissions:
Owner Control: Verified that only the contract owner can update referral fees and add sub-collections. Tests ensured these actions fail for unauthorized addresses.
Minting and Whitelisting:
Whitelist Disabling: Ensured the ability to disable whitelist minting and allow minting without proof.
Supply and Sales:
Selling Functionality: Confirmed the ability to sell all tokens using the designated function.
Token Management:
Token Transfers: Confirmed the ability to transfer tokens between addresses, with appropriate checks and reverts for exceeding limits.
Advanced Features:
Nested Collections: Verified proper handling of scenarios with or without nested collections.
Additional Functionalities:
Pool Management: Verified the ability to set project details, register owner pools, process referrals with discounts, distribute funds based on owner pools, and remove owner pools.
4. Automated Testing:
Utilized symbolic execution tools like Mythril to explore various code execution paths and uncover potential attack vectors.
5. Reporting & Remediation:
We initiated the audit with threat modelling, prioritizing areas based on the specific risks and potential attack vectors relevant to Zoth's Smart Contracts. Adopting a security-first approach, we focused on identifying and mitigating vulnerabilities beyond mere functionality testing. We conducted a thorough vulnerability assessment by integrating white-box and black-box testing methods. Throughout the audit process, we maintained transparent and open communication with the Zoth team, ensuring that all findings were clearly understood and recommendations were actionable. Emphasizing clarity, we concisely presented vulnerability descriptions and remediation steps to facilitate effective resolution.
Our focused audit identified key issues across high and medium severity categories, with additional lower severity and informational issues not detailed here. Key findings include:
These findings underscore the need for stringent checks and improved validation mechanisms to ensure the security and stability of the platform.
In conclusion, the Zoth audit served as a crucial step in enhancing there Smart Contracts security and operational efficiency. The identified issues, ranging from high to low severity, were systematically addressed, reinforcing the project’s commitment to user safety and protocol stability. The audit’s success underscores the importance of continuous security practices and collaborative efforts in maintaining a secure and reliable platform for users.
Your weekly dose of Web3 innovation and security, featuring blockchain updates, developer insights, curated knowledge, security resources, and hack alerts. Stay ahead in Web3!