Background

Quarashi x Cybercope Audit and Consulting Case Study

Cyberscope Team
January 10, 2023
Quarashi x Cybercope Audit and Consulting Case Study

About Quarashi

Quarashi’s mission is to connect blockchain adopters worldwide. It has created a variety of features and applications in one single platform. The Quarashi ecosystem consists of Bridge, Vesting Claim, Staking, Multi Sender, and Markets Overview. It has also created a crypto wallet that allows users to secure, manage, and exchange cryptocurrencies. The wallet is available on Google Play. The Quarashi token is currently exchanged in many top-tier exchanges like MEXC and WhiteBIT.

The beginning

Quarashi was searching for an experienced audit firm to deal with all the different contracts, requirements, and networks. The collaboration with Cyberscope started by auditing the QUA token in the BSC network. Then, it proceeded with the other contracts across the different networks.

Cyberscope also helped the Quarashi team by increasing its reputation and bringing them new investors. This happened as a result of the KYC services that Quarashi used. As part of the KYC process, Cyberscope confirms the real identities of the project team. This way the Quarashi team provided an extra security layer for their investors.

You can find Quarashi’s KYC certificate here.

Quarashi Network Auditing Approach Cyberscope
Quarashi Network Auditing Approach Cyberscope

Smart Contract Audit of Different Applications

ERC-20

The QUA token that is deployed in the Ethereum network implements the standard ERC20 interface enriched with a vested functionality. Cyberscope team investigated all the aspects of the feature and all the resulting edge cases. More information about the audit report can be found in the official repository.

Read the initial report here.

BEP-20

The Quarashi ecosystem quickly expanded to the BSC network. They introduced their token, for which they were planning to create an IDO. Cyberscope helped the team to move the Ethereum token features to the BSC network. The requirement was to keep the same functionality that the Ethereum token has, but adjusted to the BSC network.

Read the full report here.

Bridge

One of the most important parts of the transition from Ethereum to BSC was the bridge functionality. This functionality allowed users to convert their tokens from one network to the other and vice versa. Bridges are one of the most vulnerable parts of the blockchain world since it is a complicated mechanism. This complexity is produced by the many sections that may be vulnerable in a Bridge application. Cyberscope’s team paid attention to various aspects like the way that the contracts are handling the signatures, the way that they validate the funds that are going to be transferred, and potential ways that an attacker could bypass the checks and the off-chain communication. Cyberscope and Quarashi teams had a great collaboration in order to address all the findings that came to the surface of the audit report.

Read the swap report here.

Vesting

Quarashi developers have a huge experience in building large-scale applications. The requirement for a robust audit report is not only helping the team to identify all the potential vulnerabilities, but also validating if the contract implements the expected business logic. This task requires iterations with both the executives and the development team. Cyberscope helped the Quarashi team to validate the proper operation of their vesting contract. The audit report mentions all the functionality that the vesting contract provides. The vest tiers, the initial lock-up period, the progressive unlocks, and the applicable users that have allocated vested tokens.

Read the vesting report here.

Staking ERC-20/BEP-20

Contracts with functionality similar to Stake and Bridge are one of the most targeted contracts for attacks. These kinds of contracts accumulate large amounts of tokens and most of the functions are publicly available to the users. This creates an attractive target for malicious users. Cyberscope has helped many firms to secure infrastructures and features like this one. One of these firms is the Quarashi network.

Read the ETH staking report here.

Read the BSC staking report here.

The results of the audit assessments were presented in reports, which outline the issues that were identified and provide recommendations for how to fix them. These reports are an important tool for the developers of smart contracts, as they help them to improve the quality and reliability of their contracts. They are also an important resource for the investors, as they provide assurance that the contract has been thoroughly tested and reviewed and that it is safe and reliable to use. Finally, the audit reports provide safety for the executives and stakeholders of the project that the contract is operating according to the business logic that they decided.

Thank you all audits will come to you. We will audit everything from now on.

Alexandru Petre, Founder & Project Lead

Cybersscope Cybersecurity and Web3.0 Consultancy
Cybersscope Cybersecurity and Web3.0 Consultancy

Cybersecurity & Web3.0 Consultancy

The collaboration between Cyberscope and Quarashi did not stop within the boundaries of the audit report. Cyberscope assisted and consulted the Quarashi team on many topics like liquidity pool mounting and tracing of unexpected transactions. Cyberscope also helped the Quarashi team to properly initialize and finalize their IDO with the configuration of the contract's parameters. Furthermore, they helped them to address various edge cases of the vesting contract. Finally, Cyberscope played a crucial part in assisting them to resolve common issues like the exact timestamp that the amounts will be released and the validation of the vesting schedule.

Audit assessments of smart contracts are important because they help to ensure the correctness, security, and efficiency of the contract. An audit assessment involves a thorough review of the smart contract code by a team of experts. These experts will analyze the code to identify any potential vulnerabilities or bugs that could affect the contract's performance. They will also review the contract to ensure that it is efficient and optimized for execution on the blockchain. In Cyberscope this task is the number one priority. Since the success of a project is our success.

The most important part of Cyberscope's work is to communicate their findings and recommendations clearly to the relevant stakeholders and to work with the development team to address any issues that are identified.

Summary

The lack of cybersecurity in smart contracts can lead to potential losses in several ways. First, if a smart contract has vulnerabilities or is not properly secured, it may be susceptible to attack by hackers. Hackers may be able to exploit these vulnerabilities to steal funds or sensitive information that is stored within the contract. This can result in significant financial loss for the users of the contract.

In addition to financial loss, the lack of cybersecurity in smart contracts can also lead to reputational damage. If a smart contract is hacked or otherwise compromised, it can create a lack of trust in the contract and the parties involved. This can make it difficult for the parties to use the contract in the future, or to engage in similar types of transactions.

Furthermore, the lack of cybersecurity in smart contracts can also have broader implications for the use of blockchain technology. If smart contracts are perceived as being unreliable or insecure, it may discourage the wider adoption of blockchain technology and its potential benefits.

It is important for smart contracts to be properly secured and tested to ensure that they are safe and reliable for use. This includes conducting regular audit assessments and implementing robust cybersecurity measures to protect against potential attacks.

In Cyberscope we take security principles extremely seriously. As we did with the Quarashi ecosystem, we can help any project by securing its infrastructure and by providing any kind of cybersecurity or Web3.0 consultancy. If you want to learn more, feel free to send us a message at: [email protected].

Tags :
2023,
CASE STUDIES
Share :
Background

Subscribe To Our Newsletter

Stay updated with the latest hacks, threats, security best practices, and educational content in the crypto world right in your inbox!