Engage a 2nd auditing firm to conduct an audit on ONYX

Hello everyone,
Regrettably, Certik has suffered a loss of confidence among the community due to their recent audits becoming increasingly ineffective. The most recent rug in MerlinDex (a Camelot fork) on zkSync resulted in many developers voicing their discontent with Certik, as a growing number of protocols that they have audited are being exploited.

Consequently, I recommend that Onyx obtains a secondary audit from a more resilient firm such as Peckshield or Paladin.

Onyx might be a fork of compound, but it has NFTs lending on top of it as well.
A second audit will strengthen the Onyx platform security, and reassure investors and liquidity providers.


1 Like


It makes sense. Security is essential for Onyx and DeFi projects in general.

We’ll consider to audit Onyx platform with another security company. It’s not in a budget for the next qourtal, as we’ll busy with building a team and managing thing in order.

Yes, Onyx borrowed contracts from Compound, which are also bases on stress-tested OpenZeppelin contracts.

Note, second security audit will not guarantee safety as well. Security companies don’t take full responsibility.
Personally I don’t trust any security audits. The main rule for myself in blockchain field is that I take responsibility for my assets—DeFi are not banks!

Thank you for referencing Peckshield and Paladin, we’ll take them to the list.


Yeah . I have seen many projects being audited by multiple security Firms . but again it all depends on the team and they should be more responsible about security : )

Hello alex
Certik is being in the dramas of many protocols being audited and getting exploited right after by very obvious smart contracts bugs.
The last one mentioned by Atlas is the MerlinDex drama on zksync pointed can be found there https://twitter.com/AtlasIsMe/status/1652824501799854082

While I agree with you audits are not be blindly trusted, I think an audit from another firm is quite mandatory given all the history of Certik. It would be very hard to recover from an exploit

You’ll need to understand that audit firms are now swimming in money because there are so many worried people now and everyone is demanding other auditors. no need to spend a lot of money now, let the hype pass and then let’s think

I agree with this, we don’t need to hurry

true . each $ saved is each $ earned . Dao money should be used reasonably