MakerDAO: StarkNet-DAI-Bridge Security Audit

Summary

MakerDAO implements a layer 2 DAI contract for StarkNet, a ZK-Rollup for Ethereum, and DAI bridging contracts from the layer 1 to layer 2. That also includes contracts for sending governance spells from layer 1 to layer 2.

The most critical subjects covered in our audit are the functional correctness and security of the DAI bridging mechanism, the functional correctness of the L2-DAI ERC-20 contract, the protection against censorship, and the functional correctness of relaying governance spells.

The documentation of the project contains a risk section discussing potential threats which helps the overall security of the project.

The security and the functional correctness of the reviewed version of the smart contracts are high; all critical and high severity issues uncovered in previous iterations of the review have been fixed.

In summary, we find that the codebase provides a high level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project. Furthermore, due to the experimental nature of the L2 solution some risks remain.

The report will give an overview of the system, our methodology, the issues uncovered and how they have been addressed. 

About MakerDAO: StarkNet-DAI-Bridge

“StarkNet is a permissionless decentralized Rollup operating as an L2 network over Ethereum. StarkNet allows any dApp to achieve unlimited scale for its computation, without compromising Ethereum’s composability and security, thanks to its reliance on the safest and most scalable cryptographic proof system — STARK. StarkNet is built on the Cairo programming language, the first production-grade Turing complete von-Neumann verifier on Ethereum.”

(Source: https://medium.com/starkware/starknet-alpha-now-on-mainnet-4cf35efd1669)


“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”

(Source: https://awesome.makerdao.com/#beginner-guides)

I would like to thank CS for their diligent work on the StarkNet version of DAI. Their input greatly helped us improve our codebase. Looking forward to working with them in the future!
Maciej Kamiński (software engineer @ MakerDAO)