
MakerDAO zkSync DAI Bridge (not deployed) Security Audit

Summary

The MakerDAO zkSync-DAI Bridge is not yet deployed.

The most critical subjects covered in our audit are the functional correctness of the DAI bridging mechanism, the L2-DAI ERC-20 contract and the relay of governance spells, protection against censorship, and upgradeability.

Security regarding all other aforementioned subjects is high. However, users should be aware of the trust model; see Trust Model & Roles.

The general subjects covered are upgradeability, error handling, trustworthiness, documentation, and testing. Security regarding all the aforementioned subjects is high.

In summary, we find that the codebase provides a good level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About MakerDAO zkSync

MakerDAO implements a layer 2 DAI contract for zkSync 2.0, a ZK-rollup for Ethereum, along with DAI bridging contracts. This also includes contracts for sending governance spells from layer 1 to layer 2.

It must be noted that the bridge is not yet deployed.

The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by Maker Governance. Maker Governance is the community-organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.


It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)