Scope of Audit

On January 4, 2024, Banyan Collective engaged Guvenkaya to provide audits for Potlock contracts and it was completed with revisions from the Potlock engineering team by January 30th, 2024.

As part of the audit Guvenkaya review Potlock’s Donation (for direct donations with on chain referral) Pot, for quadratic funding, Pot-Factory (that makes quadratic funding contracts), Registry (for approving and registering accounts), and Sybil/Nada.bot (for aggregating sybil providers). All major vulnerabilities were resolved

To view the full report https://github.com/Guvenkaya/public-reports/blob/master/Potlock-NEAR-Rust-Smart-Contract-Security-Assessment.pdf

Guvenkaya

Guvenkaya is a security research firm specializing in Rust security, Web3 security of Rust-based protocols, and Web2 security. With our expertise, we provide both security auditing services and custom security solutions. Founded by Timur Guvenkaya, a former security engineer at Invicti Security and lead of Halborn Security’s Rust security teams. Through his work, he has improved the security of many notable Web2 and Web3 projects. Additionally, he created the NEAR Rust Smart Contract Security course.

Future of Security

With quadratic funding rounds launching this month, we are prioritizing security. At Potlock we pride ourselves in developing secure open source funding mechanisms, and will continue to do so in public. If you find any issues with any contracts please report here or contact support@potlock.org for responsible disclosure.