The most critical subjects covered in our audit are the functional correctness of the bridging mechanism, security of the locked assets and the validation of withdrawals on the RootChain. Security regarding all the aforementioned subjects is high.
The general subjects covered are documentation, efficiency and adherence to the implemented standards. Security regarding all the aforementioned subjects is high. The codebase however could be more consistent: Multiple similar contracts exist where the implementation of the same functionality differs slightly.
This review covered a system already deployed. The actual contracts deployed do not exactly correspond to the version audited, although the changes are mostly of cosmetic nature only. The compiler version + dependencies used are outdated, however no known bug affects the live contracts.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.