Summary
The most critical subjects covered in our audit are the security of the funds and the liveness and correctness of the bridging process. Only minor issues were uncovered. Security regarding all the aforementioned subjects is high.
The general subjects covered are the efficiency of the implementation, centralization, specification, documentation, and testing. The efficiency of the implementation could be improved in some cases. The centralization of the system is very high. This means that the admins of the system are in full control of the funds on the bridge and Tron. Specification, documentation, and unit testing are sufficient. End-to-end testing does not seem to be sufficient. This is particularly important given that TronVM might differ from Ethereum in unexpected ways.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Tron-peg USD Coin (USDC)
JustCrypto launches a Tron-peg USDC token on Tron Chain and implements a bridge between Ethereum and Tron to allow users to transfer USDC between the two chains. Users' assets are locked in the TronUSDCBridge contract controlled by TronUSDCBridgeController. An operator of the bridge then mints an appropriate amount of USDC on Tron. Tron USDC is controlled by the USDCController.