Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control. Security regarding functional correctness and access control is high, while security regarding asset solvency is improvable, see No Functionality to Recover From Bridge Failure.
The general subjects covered are code complexity, upgradeability, trustworthiness, documentation, and gas efficiency. Contracts in scope of this assessment are not upgradeable and have limited privileged roles. The code is well written. The documentation is improvable and the codebase could be more gas efficient, see Findings.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Frankencoin Smart Contracts
The Frankencoin system is a set of smart contracts that issue the Frankencoin (ZCHF) on-chain, a stablecoin that is supposed to be pegged to the Swiss Franc. Each Frankencoin minted is backed either by collateral assets or other trusted Swiss Franc stablecoins. The governance of the system is based on veto rights of shareholders that control at least 2% of the total voting power.
“Frankencoin is a collateralized, oracle-free stablecoin that tracks the value of the Swiss franc. Its strengths are its decentralization and its versatility.”
The audit was excellent! Very well done!I'm impressed with how quickly ChainSecurity's software engineers developed a deep understanding of the Frankencoin system and with their meaningful inputs to harden its mechanics.
Luzius Meisser, Inspirer, Frankencoin