Over the last few weeks, I’ve been working with the Raiden development team in charge of the upcoming token auction. Many things have been improved during these weeks and at this point I consider that the contract is of high quality and holds the necessary security mechanisms to be considered safe for deployment and use on the mainnet.

The last commit reviewed was: 13b97b2d667ccb1c4901288671384d7f8195632f

Tag: audited_contracts_jordi

Some of the suggested and corrected issues can be seen here.

How it works

The auction will be done in a reverse auction similar to the Gnosis token auction but with some important differences. You can read the exact working details here.

The total number of tokens will be fixed, and the price of the token will decrease with time until the total collected ether is greater than or equal to the price at that time multiplied by the total number of tokens being sold.

Once this equilibrium is reached, the tokens will be distributed in a second phase to the token holders in proportion to the ether they sent.

Security

From the security point of view, the ether sent during the auction only passes through the auction contract, being forwarded straight to the multisig. This greatly minimizes the probability of having any massive losses of ether to any security flaws. And in such case where a security issue does occur, it would always be possible to return the ether back and start over, or create a token with a manual distribution according to the transactions recorded in the blockchain.

Some notes for token holders

The use of the auction contract will be linked to specific terms and conditions which you will be able to read on the website of the auction as soon as it goes live. Sending ether to this contract, assumes that you fully trust the Raiden team. They will have all the ether raised in their multisig, so they will be able to do whatever they want with it. If malicious, they can take the money and run, but they can also do some tricks like recycle the ether received in their multisig to buy tokens in the auction and advance the end of the auction. I’m convinced they are not going to do this, but there is nothing that prevents doing these things in the smart contracts. Tokens will not be sent until seven days later after the auction ends, this will be done by the Raiden team, but tokens will be able to be claimed by each invididual token holder if they don’t send the tokens. This auction depends on many parameters that will be defined upon deployment. It’s important to be aware of these parameters to understand their implication on the auction, especially the price curve. This auction is not started at a specific block, but with a transaction from the Raiden team. This gives an advantage to the owner of the contract. This should not be a big issue because of the economics of the reverse action, but you should be aware of when this transaction will be called. The quantity of ether sent to the auction contract is limited to 25 ETH per account. There is a whitelist mechanism where the Raiden team can remove this limit for specific accounts. If you want to send more than 25 ETH, you should wait for more information on their KYC process which will be released soon. [EDIT NOTE: At deploy time, this value was changed to 2.5 ETH]

Limitations of this work

I didn’t audit the GNOSIS multisig wallet source code they are going to use to hold the ether. I didn’t make any low level reviews of the assembly code generated by the solidity compiler. The code has many tests and is well commented, but my work didn’t consist of writing an independent set of tests. I just read the code and commented on all of the issues that I found. I didn’t verify the deployment of the contract. I just made an audit of the smart contracts. I’m not making any evaluation of the project.

Smart contract security audits like this one, reduce the risks of any smart contracts issues, but they do not warranty bug-free code. I encourage the community, especially the Raiden community that will be using these contracts, to continue to analyze them and to inform themselves before interacting with these or any other smart contracts.