The most critical subjects covered in our audit are security vulnerabilities and the validity and integrity of the state and storage proofs. Amongst others, the following issues have been uncovered:
- Broken CairoLib Dependency
- MMR: Verify Against An Intermediate Node Is Possible
- Empty/inexistent storage slots can not be proven

All high severity issues have been resolved.
The general subjects covered are functional correctness, robustness and usability.
In summary, we find that the codebase provides a good level of security. It’s worth noting that more thorough testing could have identified most of these issues early. Moreover, there is still room for enhancement in the testing processes. Core functionality of the project is tested with minimal test cases only.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.