Summary
The most critical subjects covered in our audit are security vulnerabilities and the validity and integrity of the state and storage proofs. Amongst others, the following issues have been uncovered:
- Broken CairoLib Dependency
- MMR: Verify Against An Intermediate Node Is Possible
- Empty/nonexistent storage slots cannot be proven

All high severity issues have been resolved.

The general subjects covered are functional correctness, robustness and usability.
In summary, we find that the codebase provides a good level of security. It’s worth noting that more thorough testing could have identified most of these issues early. Moreover, there is still room for enhancement in the testing processes. Core functionality of the project is tested with minimal test cases only.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Herodotus on Starknet
Herodotus provides a bridge between Ethereum’s L1 and Starknet’s L2, allowing for trustless proofs of state and storage values of Ethereum accounts on Starknet. Data integrity is ensured through on-chain verification mechanisms leveraging Merkle Mountain Range (MMR) and Merkle Patricia Trie (MPT) verifications.
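The MMR inclusion proofs mentioned here, and the finding "MMR: Verify Against An Intermediate Node Is Possible" listed above, both turn on one question: can a verifier tell a genuine leaf from an internal node? The Python below is an added illustration and is not code from Herodotus or from the audited repository. It uses a plain binary Merkle tree rather than a real MMR with peaks, and it assumes (our reading of the finding's title, not a statement from the report) that the weakness is the classic missing leaf/node domain separation: if leaves and internal nodes are hashed the same way, the concatenation of two child hashes can be presented as a "leaf" and the proof still checks out against the root. The hash prefixes `LEAF_PREFIX` and `NODE_PREFIX`, the four sample leaves and all function names are constructed for this example.

```python
import hashlib

LEAF_PREFIX = b"\x00"  # constructed domain tag for leaves
NODE_PREFIX = b"\x01"  # constructed domain tag for internal nodes


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_leaf(value: bytes, separated: bool) -> bytes:
    # Hardened form tags the leaf; the weak form hashes the raw value.
    return h(LEAF_PREFIX + value) if separated else h(value)


def hash_node(left: bytes, right: bytes, separated: bool) -> bytes:
    # Hardened form tags internal nodes so they can never collide with a leaf hash.
    return h(NODE_PREFIX + left + right) if separated else h(left + right)


def build_tree(leaves, separated: bool):
    """Return all levels bottom-up for a power-of-two number of leaves."""
    level = [hash_leaf(v, separated) for v in leaves]
    levels = [level]
    while len(level) > 1:
        level = [hash_node(level[i], level[i + 1], separated)
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def make_proof(levels, index: int):
    """Sibling path for leaf `index`: list of (sibling_hash, sibling_is_left)."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify(root: bytes, value: bytes, proof, separated: bool) -> bool:
    """Recompute the root from a claimed leaf value and its sibling path."""
    acc = hash_leaf(value, separated)
    for sibling, sibling_is_left in proof:
        acc = (hash_node(sibling, acc, separated) if sibling_is_left
               else hash_node(acc, sibling, separated))
    return acc == root


SAMPLE_LEAVES = [b"slot-0", b"slot-1", b"slot-2", b"slot-3"]  # constructed data


def honest_proof_verifies(separated: bool) -> bool:
    levels = build_tree(SAMPLE_LEAVES, separated)
    root = levels[-1][0]
    return all(verify(root, v, make_proof(levels, i), separated)
               for i, v in enumerate(SAMPLE_LEAVES))


def intermediate_node_accepted(separated: bool) -> bool:
    """Present the concatenated children of an internal node as a 'leaf'.

    With no domain separation, hashing that 64-byte value reproduces the
    internal node itself, so a one-step proof reaches the root and the
    verifier accepts a value that was never committed as a leaf."""
    levels = build_tree(SAMPLE_LEAVES, separated)
    root = levels[-1][0]
    fake_leaf = levels[0][0] + levels[0][1]        # children of levels[1][0]
    short_proof = [(levels[1][1], False)]          # only the top-level sibling
    return verify(root, fake_leaf, short_proof, separated)


def demo():
    """(weak scheme accepts the forged leaf, hardened scheme accepts it)."""
    return (intermediate_node_accepted(separated=False),
            intermediate_node_accepted(separated=True))


if __name__ == "__main__":
    print("honest proofs ok:", honest_proof_verifies(False), honest_proof_verifies(True))
    print("forged intermediate accepted (weak, hardened):", demo())
```

Running it shows honest proofs verifying under both schemes, while the forged "leaf" is accepted only by the undifferentiated scheme. A verifier that also checks the proof length against the tree (or MMR) size closes the same gap from a second direction, since the forged proof above is one level too short.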
—
“Herodotus is a powerful data access middleware that provides smart contracts with synchronous access to current and historical on-chain data across Ethereum layers.”