We believe in transparency, accountability, and ensuring the highest level of security for our users. In line with these principles and responsible development standards, we’ve implemented two main security measures:
- To allow for testing with no financial risk, we released a first version of the Mintera App and Green Mining Yield (GMY) product on testnet.
- To mitigate risks associated with smart contracts, we wanted to complete the audit of the GMY smart contract before deploying it on Arbitrum mainnet.
We are thrilled to announce that the GMY smart contract has successfully undergone a comprehensive audit by third-party cybersecurity firm Black Paper. We are proud to share that the audit has validated the robustness and reliability of our smart contract, and to share exclusive details about our technical roadmap.
You can find the final audit report here.
About Black Paper
Black Paper is an up-and-coming French cybersecurity firm with strong expertise in conducting comprehensive audits of smart contracts and blockchain systems.
Mintera made the choice to partner with Black Paper due to the advantages of their flexibility and agility compared to larger, more rigid organizations – which fits our current need for exceptional reactivity.
The success of this operation has solidified our confidence in Black Paper, and we are excited to continue our close collaboration with them in the future. In fact, we have already begun outlining new plans together, exploring additional ways to enhance our existing products, as explained later in this article.
The Audit Process
The decision to partner with Black Paper has facilitated a dynamic and collaborative process throughout the audit. Black Paper’s team has demonstrated exceptional responsiveness and adaptability, allowing for continued communication and an iterative exchange of ideas.
More precisely, the audit conducted by Black Paper was a meticulous and rigorous examination of the GMY smart contract’s codebase, functionality, and overall security. Their team of experts blockchain developers assessed potential vulnerabilities, scrutinized the contract’s logic, and evaluated its resilience against potential attack vectors.
The audit was conducted over several weeks in close collaboration with our technical team and our CTO Benjamin Jornet, the architect behind the GMY smart contract.
Key Findings and Highlights
The final audit by Black Paper affirmed the integrity and reliability of the GMY smart contract by confirming that all known vulnerabilities have been fixed.
The key findings of the audit included several vulnerabilities of varying severity, ranging from critical to informational. The final review includes all identified vulnerabilities and how they have now been fixed, as detailed in the report’s Status sections.
This audit serves as validation that the GMY smart contract has undergone rigorous scrutiny by leading experts and is now ready to be deployed on mainnet.
Therefore, we are now ready to enter the final step: deploying the Mintera App on mainnet. We are aiming for an official release on June 8th.
Differences between testnet GMY and mainnet GMY
In order to mitigate an identified risk of front-running attacks from malicious participants, the GMY smart contract on mainnet will implement one significant UX change compared to the testnet version.
Instead of allowing staking and claiming anytime, there will be three distinct periods within a one-month cycle:
- A staking period, when users can stake their MNTE (expected duration: 15 days).
- A distribution period, when rewards are added to the GMY smart contract and distributed to stakers (expected duration: 5 days).
- A claiming period, when users can claim and withdraw from the GMY smart contract (expected duration: 10 days).
See our dedicated documentation for more information.
As detailed in the audit report, this new system was identified as the best way to fix known vulnerabilities and ensure the integrity of the contract without requiring a complete overhaul that would postpone the mainnet release of GMY until a later date.
However, we recognize that this is not optimal from a user experience standpoint. The good news is that we already know how to rework the GMY smart contract to remove the need for the 3 periods system.
V2 of the smart contract already on the horizon
We are happy to confirm that we are already proactively working on the V2 of the smart contract to provide a truly user-friendly solution while maintaining the highest level of security for our users.
However, removing the need for the 3 periods system requires significant changes in the inner workings of the GMY smart contract.
These changes will include cutting-edge, in-house technological innovations, including on-chain staking temporality. Generally, another innovation and also challenge of GMY is that unlike the vast majority of on-chain staking systems, the asset staked (MNTE) differs from the asset rewarded (USDT).
We plan to contribute to the ecosystem by proposing these innovations as a new Ethereum Standard of the ERC category, which designates application-level standards and conventions. The staking contract V2 will be submitted to the Ethereum Foundation as an Ethereum Improvement Proposal (EIP), to be discussed by the developers community through a standard process.
Black Paper will be our partner of choice in that process and we will keep working closely together to propose a version that meets the highest quality and security standards.
We estimate the mainnet deployment of the V2 to Q3 2023, and we will ensure a smooth migration from V1 to V2 for all users.
Closing thoughts
We would like to express our gratitude to Black Paper for their professionalism, expertise, and thoroughness throughout the audit process. Their evaluation has further strengthened our confidence in the security and reliability of the Mintera App.
Moving forward, we will continue to prioritize security and take proactive measures to safeguard our users assets. We remain steadfast in our commitment to transparency and accountability, and we will continue our work to build a strong presence in the DeFi and ReFi landscape.
We will organize an AMA with our CTO Benjamin Jornet on the Mintera Discord channel soon to answer all technical questions that you might have. Join the channel now to receive all relevant notifications.