Digix Security Audit

We have completed an audit of the DigixDao smart contracts. During the audit process, performed by three security experts over four weeks, a set of contracts were reviewed with respect to a specification elicited by the ChainSecurity and Digix teams together. The full list of contracts and considered properties can be found in our audit report.

Download Audit Report

We have completed an audit of the DigixDao smart contracts. During the audit process, performed by three security experts over four weeks, a set of contracts were reviewed with respect to a specification elicited by the ChainSecurity and Digix teams together. The full list of contracts and considered properties can be found in our audit report.

Summary

The DAO voting system itself turned out to be well implemented and of high quality, in its functionality mostly following the previously published Governance whitepaper. A high degree of modularity was achieved in the code base introducing a clear overall structure.

Nonetheless, ChainSecurity managed to uncover several vulnerabilities and propose design improvements. Most notably, an unfortunately still common misuse of the EXTCODESIZE was originally present: Namely, using this opcode to detect that the message sender or transaction initiator is not a contract account, but an externally owned account. Given that such checks can be easily circumvented, this restriction cannot be relied upon to enforce proper access control even though there may be benign use cases. For more information of this,we are glad to point to the Smart Contract Best Practices to which ChainSecurity contributed for this issue.

As for the roles present in the DAO system, these distinguish mainly between the Digix administrative roles, initiators of proposals which are to be voted on by other users and finally the voters themselves. An overview of the roles and their conditional rights is provided in the
introductory section of the audit report.

Finally, ChainSecurity remarks that all vulnerabilities and issues were professionally and swiftly addressed by the Digix team and we are now curiously following further development and adoption of the project.

About Digix

Digix is one of the world’s first Smart Asset companies and aims to be the leading brand in tokenizing the world’s tangible assets.

Learn more about Digix Dao at https://digix.global/dgd/

We are extremely pleased with our choice. All the security auditors were great to work with and their services were professionally conducted. I would recommend ChainSecurity to anyone looking for top notch secure solutions for blockchains and smart contracts.
Shaun Djie, COO