ChainSecurity Ltd has completed a security audit of the iExec V3 smart contracts. To find out more about the scope of the audit and the properties considered, see our audit report.
iExec provides a fully decentralized solution where providers of applications, datasets, and computational power can meet users. Due to its decentralized nature and the use of smart contracts, there is no need to rely on any single agent. The new version of iExec introduces Proof-of-Contribution (PoCo). Honest contributions are ensured by staking, because bad actors will lose their stake. User interaction happens through the iExec market front-end. Users buy computational resources with specific apps and, if needed, datasets, while worker pool owners sell computational power. Payment and staking are carried out with RLC tokens. The user creating an order can set the desired confidence level, which corresponds to the minimum likelihood that the result is correct.
The audit of the iExec V3 smart contracts focused on verifying a set of invariants, both provided by iExec and augmented by ChainSecurity Ltd. The audit did not include a manual code review beyond the specified invariants, and therefore it is possible that unintended behavior not covered by the invariants is present in the contracts. Overall, ChainSecurity Ltd found that iExec employs good coding practices and has clean, well-documented code. ChainSecurity Ltd raised minor security and design issues, all of which have been fixed in the latest code commit.