Security Audits

TokenBridge Audit by Quantstamp (covers xDai bridge functionality)

Completed: January 8, 2020

Conclusion: All high risk issues resolved and low risk issues addressed. More information available in this post.

Contracts: Revised in version 3.3.0 to address audit. https://github.com/poanetwork/tokenbridge-contracts/releases/tag/3.3.0

DPOS (STAKE) Token by Quantstamp

Completed: September 5, 2019

Conclusion: All risks resolved.

Contracts: Version 1.0.1 addressed items in audit. https://github.com/xdaichain/stake-token/releases/tag/v1.0.1

When audited, the working name for the staking token was DPOS. This has since changed to STAKE. Additional minor changes have been made since the previous audit. We have conducted internal audits on these changes and an additional outside audit is in process.

STAKE (DPOS) Legal Opinion: The legal opinion was collected under the DPOS working title. The token is now renamed STAKE, but all other terms and conditions are the same. A new report will be issued shortly.

POSDAO Initial Security Audit by PepperSec

Completed: August 2019

Conclusion: All issues fixed or addressed. Due to scalability concerns, teams created a new methodology to accumulate and later “pull” their stakes and rewards instead of the “push” strategy as implemented in the audited version of the contracts.

Contracts: Version 0.1.0 addresses issues present in audit. https://github.com/poanetwork/posdao-contracts/releases/tag/v0.1.0