Angel Giving engaged FYEO to perform a secure code review of their smart contracts. Angel Giving aims to democratize access to financial opportunity for nonprofits of all-sizes around the world by enabling easy creation and integration of tokenized financial products such as endowments & donor-advised funds.
Focusing on underserved organizations doing impactful work in their local areas, Angel Giving connects donors, nonprofits, and socially conscious business champions. It offers user-friendly smart contracts secured by the blockchain & complimented by everything donors and nonprofits expect from traditional fundraising technology, providing all the benefits of blockchain while abstracting away the complexity. Extending beyond nonprofits with their impact infrastructure, Angel Giving empowers social entrepreneurs & impact enterprises to pool funds globally, invest collectively, and customize parameters without coding.
The FYEO Process
When FYEO performs an assessment, we focus on the code committed at a specific time when the code base is feature complete.
Our goal is to give our clients the following:
A better understanding of its security posture and help them identify current and future risks in its deployed chain & contract infrastructure.
An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.
Identify potential issues, including loss of funds scenarios, and include improvement recommendations based on the result of our assessment.
Give the development team a better understanding of writing and maintaining more secure code. The incremental increase of security is part of the overall increased quality of the project.
Findings & Report
During the Secure Code Review of Angel Giving’sevm-smart-contracts, we discovered:
12 findings with HIGH severity rating.
4 findings with MEDIUM severity rating.
5 findings with LOW severity rating.
11 findings with INFORMATIONAL severity rating.
Following the audit, the Angel Giving team worked in conjunction with the FYEO team to remediate all security vulnerabilities identified.
Please see the attached full report to learn more!