Zokyo Audits IOTA Smart Contracts with Perfect Scoring

TL;DR:
In preparation for the IOTA EVM release, security auditing firm Zokyo finalized the IOTA Smart Contracts (ISC) code audits. The code scored a perfect 100 points across Security, Business Logic, and Technical Risks.

Security is a pivotal aspect of every crypto protocol. To ensure that the IOTA Smart Contracts are secure, IOTA EVM underwent an audit in March 2024 by Zokyo, a security auditing firm and venture studio that builds, funds, and secures crypto, DeFi, and NFT companies. Besides looking for possible security issues in the smart contracts, Zokyo also evaluated business logic and technical risks associated with the contracts. We’re pleased to report that IOTA EVM scored a perfect 100 points in the audit. You can find a detailed overview of the audit here.

Zokyo checked that the IOTA Smart Contracts Protocol Contracts follow best practices in code readability, are not affected by recent vulnerabilities, and use methods that are safe from reentrance attacks. Furthermore, Zokyo assessed if the contracts implement and adhere to existing standards appropriately and effectively and if best practices are being followed, to avoid unnecessary waste.

The security audit marks one of the final and most important steps in preparation for the launch of IOTA EVM.

The IOTA EVM Audit in Detail

IOTA EVM passed Zokyo’s audit with a perfect score of 100 points. Zokyo organizes findings in a descending order of:

  • Critical: The issue affects the contract in such a way that funds may be lost
  • High: The issue affects the ability of the contract to compile or operate
  • Medium: The issue affects the ability of the contract in a way that doesn’t significantly hinder its behavior.
  • Low: The issue has minimal impact on the contract’s ability to operate.
  • Informational: The issue has no impact on the contract’s ability to operate.

In its audit of IOTA EVM, Zokyo found no Critical, High, Medium, or Low issues. Zokyo only found 11 “Informational” issues, most related to non-declared visibility of specific constants or variables. After the issues were fixed by IOTA’s smart contracts team, IOTA EVM scored a perfect 100 points.

The following code parts were reviewed (link):

  • core
  • execution
  • gas
  • processors
  • sandbox
  • viewcontext
  • vmexceptions
  • vmimpl
  • vmtxbuilder
  • vmtypes

Security Audit and the Future of IOTA EVM

The successful completion of the Zokyo security audit marks another step to the full IOTA EVM release, empowering global protocols, DeFi innovators, and users alike to create a flourishing ecosystem with top-tier security. Zokyo’s audit proves that IOTA’s smart contracts comply with the highest security standards and work smoothly.

You can read the whole report here

Links in this article

Follow us on our official channels for the latest updates:
Discord | Twitter | LinkedIn | Instagram | YouTube |

Tags

IOTA Foundation

Official posts from the IOTA Foundation, and migrated posts from old platforms.

Recommended for you

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.