Summary
The most critical subjects covered in our audit are the correctness of the accounting, asset solvency, access control and functional correctness. During the audit, the most important reported issues were:
– Replacing a Validator Eventually Blocks the System
– Usage of address(this).balance in restake Can Block the System, which would require Everstake to inject liquidity to correct the accounting if necessary.
The issues were fixed during the second week of the audit.
Security regarding all the aforementioned subjects is satisfactory. Even though the probability of one of the validators getting slashed is low, slashing could occur. That would require manual, trust-based intervention; see “Slashing is not taken into account” and “Trust Model”.
The general subjects covered are documentation, unit testing, code complexity, and gas efficiency. Documentation has been greatly improved during the last iteration. Unit testing, and testing in general, is basic; a good test suite will help ensure corner cases are considered.
In summary, we find that the codebase provides a satisfactory level of security, given the Trust Model.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Everstake – ETH B2C Staking
Everstake implements a pooled staking service for Ethereum, where the rewards are reinvested in the pool and the validators are managed by Everstake.
“Everstake is a responsible validator trusted by 625k+ users across 70+ blockchain networks. Created by engineers for the entire community in 2018”
We wish to express our heartfelt gratitude for the remarkable collaboration and interaction we have experienced with ChainSecurity in the context of the Everstake ETH B2C Staking solution audit. The ChainSecurity team has consistently demonstrated an extraordinary level of expertise and professionalism, elevating every interaction with them to a level of genuine enjoyment and unparalleled productivity.
Bohdan Opryshko & Sergey Vasylchuk, COO & CEO @ Everstake