The Fx-Portal allows to seamlessly bridge data between Ethereum and Polygon. Projects can simply build on the provided base contracts and use the provided functions to send/receive messages. Several example implementations are part of the repository, demonstrating the use for a simple state transfer or for bridging tokens.
The most critical aspects covered in our audit are security and functional correctness. For the core part, the mechanism and base contracts of the Fx-Portal, security regarding all the aforementioned aspects is high. The examples, while they showcase the use of the Fx-Portal contracts, lack documentation. Considering that projects may build on top of such example contracts, their functionality / limitations should be properly documented.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.