POA Network – “Stake Beacon Chain (SBC) deposit” Security Audit

Summary

ChainSecurity has performed a smart contract audit of POA Network’s SBC deposit (Stake Beacon Chain). The issues identified by ChainSecurity have all been corrected by POA Network.

POA Network offers a Stake Beacon Chain (SBC) deposit contract intended for use by stakers in the context of a Proof-of-Stake consensus. A staker first comes to an agreement with a validator node about the amount to stake, then deposits the agreed-on stake amount to a deposit contract, such as the one proposed by POA Network.

The contract is based on the original Ethereum 2.0 deposit contract, but SBC Deposit adds extended functionality to it:

  • ERC20 deposits: Stakers can deposit ERC20 STAKE tokens instead of native tokens
  • batch deposits on top of normal deposits: batch deposits are fixed at 32 STAKE per deposit and normal deposits are floored to 1 STAKE
  • support for ERC677: Adds a hook on ERC20 token transfers to trigger the token receiver
  • upgradeability: A proxy pattern is used to have the ability to upgrade the implementation contract
  • claimability: An admin is able to withdraw any mistakenly sent non-STAKE tokens (ERC20 or native) in order to give them back to their owners
  • contract can be paused: This functionality is only available for the admin

Like the original contract, StakeDepositContract implements an incremental Merkle tree algorithm to keep track of the deposit history. The tree can contain up to 2^32 – 1 deposit records and allows root computation in O(log(n)).
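The incremental Merkle tree technique described above, as an added Python example (not the audited contract's code and not taken from the audit report). It assumes SHA-256 hashing as in the Ethereum 2.0 deposit contract, leaves out the deposit-count mix-in that contract applies to its final root, and uses hypothetical names (`IncrementalMerkleTree`, `naive_root`); the sample leaves in any run are constructed.

```python
import hashlib

ZERO = b"\x00" * 32

def h(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(left + right).digest()

class IncrementalMerkleTree:
    """Append-only Merkle tree that stores one node per level."""

    def __init__(self, depth: int = 32):
        self.depth, self.count = depth, 0
        self.branch = [ZERO] * depth
        # zero_hashes[i] is the root of an empty subtree of height i
        self.zero_hashes = [ZERO]
        for _ in range(depth - 1):
            self.zero_hashes.append(h(self.zero_hashes[-1], self.zero_hashes[-1]))

    def insert(self, leaf: bytes) -> None:
        # The last slot stays empty, so capacity is 2**depth - 1 leaves.
        if self.count >= 2 ** self.depth - 1:
            raise OverflowError("merkle tree full")
        self.count += 1
        size, node = self.count, leaf
        for height in range(self.depth):
            if size & 1:  # node is a left child: remember it and stop
                self.branch[height] = node
                return
            node = h(self.branch[height], node)  # right child: fold upward
            size >>= 1

    def root(self) -> bytes:
        # O(depth) hashes: combine stored left nodes with empty-subtree roots.
        size, node = self.count, ZERO
        for height in range(self.depth):
            if size & 1:
                node = h(self.branch[height], node)
            else:
                node = h(node, self.zero_hashes[height])
            size >>= 1
        return node

def naive_root(leaves, depth):
    """Reference: hash the full zero-padded tree, O(2**depth) work."""
    level = list(leaves) + [ZERO] * (2 ** depth - len(leaves))
    for _ in range(depth):
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]
```

With `depth=4` the incremental root matches `naive_root` after every insert, and the 16th insert is rejected, which is the small-scale version of the 2^32 – 1 record limit.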

About POA Network – “Stake Beacon Chain (SBC) deposit”

“POA Core is an autonomous network secured by a group of trusted validators. All validators on the network are United States notaries, and their information is publicly available. This distributed group of known validators allows the network to provide fast and inexpensive transactions.

POA organization also develops products and tools to improve interoperability, infrastructure and transparency throughout the ecosystem. These include BlockScout, an open-source explorer, TokenBridge, a multi-chain asset-transfer solution.”

(Source: https://www.poa.network/)

“We keep coming back to Chain Security for our protocol and contract audits! Their team is top-notch, delivering comprehensive reviews, fast turnaround, and collaboration from start to finish to ensure our code is of the highest quality and as secure as possible.”
Igor Barinov, POA Network