The most critical subjects covered in our audit are functional correctness and memory consistency.
Security regarding all the aforementioned subjects is high.
The general subjects covered are a check of the specification and error handling. The specification is improvable; for example, examples of encoded data can be added. Error handling is improved after the fix of the issue "Assumptions on output from unsuccessful call".
In summary, we find that the codebase provides a good level of security. The remaining unfixed issue, "Complexity of Commands Effect Evaluation", is fundamentally linked to the same risks as any other Ethereum transaction – however, the novelty of Enso-Weiroll requires additional tooling and user education to minimize this risk.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.