ChainSecurity has completed a security audit of the Republic Protocol project. Four security experts from our team were involved in the audit, which took fifteen days to complete. See the full report to learn more about the scope of the audit and considered properties.
Republic Protocol is a decentralized open-source dark pool protocol facilitating atomic swaps between cryptocurrency pairs across the Bitcoin and Ethereum blockchains. Trades are placed on a hidden order book and are matched through an engine built on a multi-party computation protocol. While the order matching engine is placed off-chain, trade orders themselves are first encrypted and committed on-chain and then later revealed after matching. This ensures that once the information becomes public the trade already happened and allows to monitor matching nodes for malicious activity and retrospectively challenge their bond when they were misbehaving.
Our audit investigated the Republic Protocol itself, which allows for custom settlement solutions to be used by future participating brokers, as well as the reference implementation of a full Dark pool by the team called RenEx. During the investigation ChainSecurity noted that the project is of high quality, employs good coding practices and has clean, well-documented code which is impressive considering the complexity of the project.
While the audit was scoped, a specification covering core parts of the system was derived by both teams and verified under a set of general and adversarial assumptions and an attacker model. All of the previous is clearly defined in the whitepaper and audit report. ChainSecurity was able to propose several design optimizations and improvements, but more so uncover several vulnerabilities of varying severity. These were swiftly reviewed and addressed by the Republic Protocol team, leading to a more resilient, efficient and secure system.
We are excited to follow the further development of the Republic Protocol and the adoption of their trading pools.