iExec v3 Security Audit

ChainSecurity has completed a security audit of the iExec V3 smart contracts. To find out more about the scope of the audit and considered properties, see our audit report.

Download Audit Report

ChainSecurity has completed a security audit of the iExec V3 smart contracts. To find out more about the scope of the audit and considered properties, see our audit report.

Summary

iExec provides a fully decentralized solution where providers of applications, datasets, and computational power can meet users. Due to its decentralized nature and the use of smart contracts, there is no need to rely on any one single agent. The new version of iExec introduces Proof-of-Contribution (PoCo). Honest contributions are ensured by staking, because bad actors will lose their stake. User interaction happens through the iExec market front-end. Users buy computational resources with specific apps and, if needed, datasets, while worker pool owners sell computational power. Payment and staking are carried out with RLC tokens. The user creating an order can set the confidence level desired; this corresponds to a minimum correctness likelihood that the result achieves.

The audit of iExec v3 smart contracts focused on verifying a set of invariants, both provided by iExec and augmented by ChainSecurity. The audit did not include a manual code review beyond the specified invariants, and therefore it is possible that unintended behavior not covered by the invariants is present in the contracts. Overall, ChainSecurity found that iExec employs good coding practices and has a clean, well-documented code. ChainSecurity raised minor security and design issues, all of which have been fixed in the latest code commit.

About iExec v3

iExec is a decentralized marketplace for computing resources. It allows individuals and enterprises to monetize their applications and datasets, and to trade computing power.

iExec is an open market. Cloud providers and requesters transact directly in a peer-to-peer network, free of any central authority. The company develops the technology and protocols that organize the exchanges between stakeholders, with the maximum level of trust, security and flexibility. To do so, iExec leverages blockchain technology, distributed computing and trusted execution environments (TEE). Payments between stakeholders are made in RLC, iExec’s cryptocurrency.

Learn more at iex.ec.

ChainSecurity provided an expert analysis and audit on each of the iExec V3 smart contracts (mainly the iexecHub and iexecClerk contracts). After an extensive review of thousands of lines of code, ChainSecurity produced a detailed report which is public and open for everyone to read. The iExec team would like to thank ChainSecurity for such a rigorous and detailed report!