Audit Complete: Tinyman’s New Liquid Staking Feature is Ready

Tinyman
3 min read · Nov 22, 2024


At Tinyman, we’re thrilled for the upcoming launch of incentivized consensus on Algorand. This is an important step toward greater decentralization and the long-term sustainability of the network. We’re proud to be a part of this evolution by introducing tALGO, the Liquid Staking Token. This new offering gives all ALGO holders the opportunity to contribute to Algorand’s security, earn staking rewards, and provide liquidity on Tinyman — all simultaneously.

Our Commitment to Security and Transparency

As always, security and transparency are at the heart of everything we do at Tinyman. Building on the success of our Tinyman Governance peer review process, we continued this practice with the audit of the tALGO Staking & Re-Staking contracts. We collaborated with a team of well-known, expert Algorand developers to ensure that our staking contracts meet the highest standards.

Audit Team

The following experts were involved in reviewing the tALGO contracts:

  • Mariano Dominguez — Vestige Labs
  • Kevin Wellenzohn & Hannes Mitterer — Blockshake/Defly
  • Steve Ferrigno (nullun) — Algorand Foundation Engineer & long-time Tinyman community member

Audit Process

We provided the reviewers with comprehensive documentation, including:

  • An overview of the system design and its intended functionality
  • Source code written in Tealish and the corresponding TEAL code

Note: The audit did not include any user interfaces (UIs) or software development kits (SDKs).

The review process was designed to be collaborative and non-competitive. Team members shared their findings freely, encouraging open discussion and further investigation. At the end of the process, each reviewer submitted an independent report detailing their approach, findings, and any recommendations for improvements.

Compensation for Reviewers

The audit team was compensated in USDC from Tinyman’s development funds, reflecting our appreciation for their time and effort.

Findings & Recommendations

During the audit, the reviewers identified several issues of varying severity, all of which helped us refine and improve the code. These findings have been fully addressed, ensuring that the system is both secure and user-friendly. A summary of the findings, along with our responses and any changes made, can be found in the Appendix: Summary of Findings & Responses.

Key Design Considerations

While the contracts include permissioned methods, they are role-based and limited in scope. These were carefully considered to ensure that manager roles could not affect users’ principal stakes or previously earned rewards through any action or inaction — even if the manager account were compromised. The reviewers thoroughly analyzed the code from this perspective, helping us confirm that these goals were met.

Commendation for Transparency and Security

The review team commended Tinyman’s commitment to transparency and security, highlighting that the contracts are immutable and source available, ensuring the protocol’s integrity and openness.

Acknowledgments

We would like to extend our sincere thanks to the reviewers for their diligent efforts and valuable contributions. Their hard work has helped us create a more secure and robust protocol for the entire community.

Source Code & Specification Doc

The contract source code and full documentation for the tALGO Staking & Re-Staking system are publicly available here:

tALGO Source Code & Documentation

Review Reports

Appendix: Summary of Findings & Responses

The document below summarizes the findings from all the reviewers and includes our responses, as well as references to remediation steps where necessary.

Summary of Findings & Responses

Join Us on This Exciting New Journey!

With the audit now successfully completed, we’re almost ready to launch Liquid Staking. Are you ready to be part of this next big step?

Stay up to date and engage with us by joining our community on Discord or following us on Twitter for the latest news and updates.

Stay Connected and Get Involved!


Written by Tinyman

Tinyman is a re-imagined decentralized trading protocol that utilizes the fast and secure framework of the Algorand blockchain
