README.md

README

NEAR Audit Database

Audits

Public Audits in the NEAR Ecosystem. Make a PR to add additional ones, this is a work in progress, got lazy not even close to finishing.

To-do

• Finish finding all audits
• Backup all the audits on Arweave + IPFS and archive all instances of audit on wayback machine
• Work with ecosystem aggregator like NEAR Horizon to reference audits
• Compile all the exploits
• Format all sexy
• Let projects and NEAR Founders know to make a PR
• Contact all projects without audits and let them know they can’t be lacking in these streets like that
• Publish this on BOS
• try to get funding for all these unaudited projects from NF or ……. lol

🔑 Key

• ✅ audit public, doesn’t mean no vulnerabilities, and doesn't mean audit has been checked or its been by firm listed below, just that it exists. This also doesn’t mean that an audit was done for all smart contract and dApp functionality.
• 📦 audit may exist somewhere but private. Or publicly mentioned an audit but the audit isnt public.
• 👀 = looking for an audit make a PR
• 🟡 = getting an audit
• 😡 = as of last talking to team no audit

Infrastructure

Protocol	Audit stage	Audited By	Date	Report
Aurora Staking Farm
Octopus Network - App Chain Anchor	✅	Blocksec	July 10, 2022	Click here
Rainbow Bridge Smart Contract	✅	Blaize Security	October 5, 2022	Click here
Proximity Labs - NearETH - NETH	✅	OtterSec	May 06, 2022	Click here
AstroDAO	👀
Keypom

DeFi

Protocol	Audit stage	Audited By	Date	Description	Report
Tonic	✅	Veridise	February 13 2023		Click Here
v2.ref-finance.near v2.ref-farming.near (1)	✅	Jita	March 2022	All ref audits here	Click here
v2.ref-finance.near v2.ref-farming.near (2)	✅	Jita	May 2022		Click here
Ref DCL Contracts (1)	✅	Blocksec	Dec 9, 2022		Click here
Ref DCL Contracts (2)	✅	Blocksec	Feb 10, 2023		Click here
xRef Token Contract	✅	Blocksec	October 12, 2022		Click here
Ref Exchange (1)	✅	Blocksec	Nov 2, 2022		Click here
Ref Exchange (2)	✅	Blocksec	Nov 20, 2022		Click here
Ref-ve	✅	Blocksec	July 14, 202		Click here
Ref-Boost-Farm	✅	Blocksec	July 26, 2022		Click here
Pembrock	✅	BlockSec	June 27th, 2021		Click here
Stader	✅	OtterSec	September 09, 2022		Click here
Metapool	✅	Blocksec	March 1, 2022		Click here
Metapool - AuroraStNEAR	✅	BlockSec	March 20th, 2022		Click here
Orderly	📦	Halborn			📦
Orderly	✅	Certik	Sep 16th, 2022		Click here
Spin Finance	✅	BlockApex	July 19, 2022		Click here
Burrow Finance	✅	BlockSec			Click here
Burrow Finance	✅	BlockSec			Click here
JumpDeFi	👀
Jumbo.Exchange	👀
HideYourCash	😡

Wallets

Protocol	Audit stage	Audited By	Date	Report
Sender Wallet - Android	✅	Slowmist	July 15, 2022	Click here
Sender Wallet - iOS	✅	Slowmist	July 15, 2022	Click here
Sender Wallet - Browser Extension	✅	Slowmist	July 6, 2022	Click here
Meteor Wallet	👀
HERE Wallet Liquid Staking	✅	OtterSec	January 6, 2023	Click here
MyNEARWallet	👀
Wallet.near.org
NEARFi Wallet	👀
Salmon Wallet	😡
Welldone Wallet	👀
Nightly Wallet - NEAR	:eye
Opto Wallet - NEAR
Math Wallet - NEAR	👀
Narwallets	👀
Coin98 Wallet	👀
Metamask Snaps (NEAR Snap)	😡
Finer Wallet	👀
xDeFI Wallet	👀

NFT

Protocol	Audit stage	Audited By	Date	Report
FewNFar	👀
Mintbase	👀
Paras.id	👀
Tradeport.xyz	👀

Gaming

Protocol	Audit stage	Audited By	Date	Report
PlayEmber	👀

Bridges

Protocol	Audit stage	Audited By	Date	Report
Wormhole	✅	OtterSec	August 26, 2022	Click here
Allbridge
XP.network

🪲 Bug Bounty Programs

Protocol	Bug Bounty Page
NEAR General	Bug Bounty Program For Near - HackenProof
Aurora	Buy Bounty Program for Aurora - HackenProof
Ref finance	Bug Bounty Ref Finance - ImmuneFi
SweatCoin	Sweat Economy Bug Bounties - Immunefi
Stader on NEAR	Stader for NEAR Bug Bounties - Immunefi

Known NEAR Auditing Firms

Firms that are known for auditing NEAR dApps & Contracts

Firm	Public Audits
Veridise	Click here
Ottersec	Click here
FYEO
Kudelski
Sigma Prime	Click here
Chain Security
Block Security
Halborn	Click here

Firms That Audits Have Failed to Detect Critical Vulnerabilities

dont slip up and get added to this list

Exploits

• Skyward Finance 2022

Slip Ups

Description	Link
Near Protocol Discloses Wallet Breach That May Have Exposed Private Keys	Decrypt