ChainSecurity Ltd has completed a security audit of the POA Network. Four security experts from ChainSecurity Ltd investigated the code in depth over the peroid of two months. The full audit report details the specifications which have been checked, the considered properties and our findings.
Summary
POA Network is building a Proof of Authority sidechain to Ethereum to facilitate secure, fast, and cheap transactions while being fully compatible with the existing Ethereum ecosystem. A cross-chain bridge allows easy transfer of tokens from a POA Network chain onto the main Ethereum chain and vice-versa. The POA Network system consists of many connected open-source components. Smart contracts form the core and give strong guarantees, dApps and APIs allow for easy access and a custom parity client is running an efficient Proof of Authority based version of Ethereum using the Aura consensus. The audit focused on the core part, the smart contracts deployed on POA Network.
Our audit investigated technical issues such as the initialization of keys and their distribution, the requirements of the validator set, and the upgradability of the smart contracts. We also looked into the reward system and the overall governance to check their soundness and design.
Overall, the ChainSecurity Ltd team found that POA Network is a very well-coded complex system with clean documentation. During the audit, several issues have been found by ChainSecurity Ltd and successfully addressed by POA Network. ChainSecurity Ltd sees no remaining security issues in the current version.