Introduction
We express our gratitude to the Analog team for the collaborative engagement that enabled the execution of this Security Assessment.
Analog is an innovative platform that introduces a groundbreaking approach to interoperability in the Web 3.0 ecosystem. It enables this advanced interoperability through the use of its unique GMP (Generic Message Passing) protocol, facilitating seamless communication and data exchange across various blockchain networks. Analog secures all operations and data through its Timechain distributed ledger, ensuring a high level of security and trustworthiness. This combination of innovative interoperability and robust security positions Analog at the forefront of developing decentralized solutions and applications for the future web.
| title | content |
|---|---|
| Platform | Analog |
| Language | Rust |
| Tags | Substrate, Threshold Signature Scheme, Interoperability |
| Timeline | 22/11/2023 - 29/03/2024 |
| Methodology | Blockchain Protocol and Security Analysis Methodology→ |
Review Scope | |
|---|---|
| Repository | https://github.com/Analog-Labs/testnet/→ |
| Commit | 3ba97bde46eac298fd61eba7ff5b5ef0078a3ebe |
Review Scope
- Repository
- https://github.com/Analog-Labs/testnet/→
- Commit
- 3ba97bde46eac298fd61eba7ff5b5ef0078a3ebe
Audit Summary
10/10
8/10
9/10
6/10
The system users should acknowledge all the risks summed up in the risks section of the report
Document Information
This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.
The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.
Document | |
|---|---|
| Name | Blockchain Protocol Code Review and Security Analysis Report for Analog |
| Audited By | Sofiane Akermoun, Nino Lipartiia, Nataliia Balashova |
| Approved By | Sofiane Akermoun |
| Website | https://www.analog.one/→ |
| Changelog | 23/01/2024 - Preliminary Report |
| Changelog | 29/03/2024 - Final Report |
Document
- Name
- Blockchain Protocol Code Review and Security Analysis Report for Analog
- Audited By
- Sofiane Akermoun, Nino Lipartiia, Nataliia Balashova
- Approved By
- Sofiane Akermoun
- Website
- https://www.analog.one/→
- Changelog
- 23/01/2024 - Preliminary Report
- Changelog
- 29/03/2024 - Final Report
System Overview
Timechain, based on the Substrate framework, is tasked with settling transactions received from Chronicle nodes. These transactions are subsequently processed using a Threshold Signature Scheme (TSS) among the participants, which ensures secure and efficient transaction handling. The core components are:
The Timechain Node
The Chronicle crate
The TSS crate
All these components are within the scope of this audit.
Executive Summary
Documentation quality
The total Documentation Quality score is 6 out of 10.
Adequate supplementary documentation was available.
Developers offered useful explanations during the audit process.
Additional source code documentation is needed for critical functions and core components for enhanced clarity.
Code quality
The total Code Quality score is 9 out of 10.
Exceptional quality standards are evident in the Rust code.
Substrate code maintains a notably high level of quality.
Weight and Benchmarks are implemented effectively.
The Mocked Runtime implementation exhibits comprehensive code coverage.
Presence of TODO comments in the code.
Architecture quality
The total Architecture Quality score is 8 out of 10.
Employment of the Substrate framework as the foundational infrastructure for the blockchain.
Effective interaction between Chronicle nodes and Timechain nodes, facilitated by a Threshold Signature Scheme.
Approach to achieving interoperability, characterized by its scalability through the addition of protocols and ease of upgrade.
Centralization aspects of the Chronicle node, while reducing the attack surface, raise considerations regarding the overall system's robustness.
Security score
Upon auditing, the code was found to contain 0 critical, 1 high, 1 medium, and 13 low severity issues. All security challenges were effectively resolved, securing a top-notch security rating of 10 out of 10. Two minor issues were identified but accepted and mitigated, as they present well-defined, low risks, aligning with rigorous risk management standards.
All identified issues are detailed in the “Findings” section of this report.
Summary
The comprehensive audit of the customer's blockchain protocol yields an overall score of 9.3 out of 10. This score reflects the combined evaluation of documentation, code quality, architecture quality, and security aspects of the project.
Findings
Code ― | Title | Status | Severity | |
|---|---|---|---|---|
| F-2023-0176 | Replay Attack and D.O.S. Vulnerability in submit_error Extrinsic | fixed | High | |
| F-2024-0448 | Logical Inconsistencies in Shard Status Handling | fixed | Medium | |
| F-2024-0515 | Integration of Custom P2P Networking Library | accepted | Low | |
| F-2024-0512 | Chronicle Crate Panic Caused by Mishandled PeerId | fixed | Low | |
| F-2024-0509 | Lack of Size Limitations on Error Messages in TaskState Storage Map for Failed Transactions | fixed | Low | |
| F-2024-0507 | Validation Gap for Pending Nodes in ROAST Protocol | fixed | Low | |
| F-2024-0447 | Panic in Shards Pallet due to Insufficient Error Handling in Group Commitment Computation | mitigated | Low | |
| F-2024-0445 | Unencrypted Storage of Chronicle's Secret Share | fixed | Low | |
| F-2023-0318 | Inconsistent Management of TaskPhaseState Across Task Cycles | fixed | Low | |
| F-2023-0313 | Memory Exhaustion Risk Due to Absence of Task Deletion Mechanism | accepted | Low |
Appendix 1. Severity Definitions
Severity | Description |
|---|---|
Critical | Vulnerabilities that can lead to a complete breakdown of the blockchain network's security, privacy, integrity, or availability fall under this category. They can disrupt the consensus mechanism, enabling a malicious entity to take control of the majority of nodes or facilitate 51% attacks. In addition, issues that could lead to widespread crashing of nodes, leading to a complete breakdown or significant halt of the network, are also considered critical along with issues that can lead to a massive theft of assets. Immediate attention and mitigation are required. |
High | High severity vulnerabilities are those that do not immediately risk the complete security or integrity of the network but can cause substantial harm. These are issues that could cause the crashing of several nodes, leading to temporary disruption of the network, or could manipulate the consensus mechanism to a certain extent, but not enough to execute a 51% attack. Partial breaches of privacy, unauthorized but limited access to sensitive information, and affecting the reliable execution of smart contracts also fall under this category. |
Medium | Medium severity vulnerabilities could negatively affect the blockchain protocol but are usually not capable of causing catastrophic damage. These could include vulnerabilities that allow minor breaches of user privacy, can slow down transaction processing, or can lead to relatively small financial losses. It may be possible to exploit these vulnerabilities under specific circumstances, or they may require a high level of access to exploit effectively. |
Low | Low severity vulnerabilities are minor flaws in the blockchain protocol that might not have a direct impact on security but could cause minor inefficiencies in transaction processing or slight delays in block propagation. They might include vulnerabilities that allow attackers to cause nuisance-level disruptions or are only exploitable under extremely rare and specific conditions. These vulnerabilities should be corrected but do not represent an immediate threat to the system. |
Severity
- Critical
Description
- Vulnerabilities that can lead to a complete breakdown of the blockchain network's security, privacy, integrity, or availability fall under this category. They can disrupt the consensus mechanism, enabling a malicious entity to take control of the majority of nodes or facilitate 51% attacks. In addition, issues that could lead to widespread crashing of nodes, leading to a complete breakdown or significant halt of the network, are also considered critical along with issues that can lead to a massive theft of assets. Immediate attention and mitigation are required.
Severity
- High
Description
- High severity vulnerabilities are those that do not immediately risk the complete security or integrity of the network but can cause substantial harm. These are issues that could cause the crashing of several nodes, leading to temporary disruption of the network, or could manipulate the consensus mechanism to a certain extent, but not enough to execute a 51% attack. Partial breaches of privacy, unauthorized but limited access to sensitive information, and affecting the reliable execution of smart contracts also fall under this category.
Severity
- Medium
Description
- Medium severity vulnerabilities could negatively affect the blockchain protocol but are usually not capable of causing catastrophic damage. These could include vulnerabilities that allow minor breaches of user privacy, can slow down transaction processing, or can lead to relatively small financial losses. It may be possible to exploit these vulnerabilities under specific circumstances, or they may require a high level of access to exploit effectively.
Severity
- Low
Description
- Low severity vulnerabilities are minor flaws in the blockchain protocol that might not have a direct impact on security but could cause minor inefficiencies in transaction processing or slight delays in block propagation. They might include vulnerabilities that allow attackers to cause nuisance-level disruptions or are only exploitable under extremely rare and specific conditions. These vulnerabilities should be corrected but do not represent an immediate threat to the system.
Appendix 2. Scope
The scope of the project includes the following components from the provided repository:
Scope Details | |
|---|---|
| Repository | https://github.com/Analog-Labs/testnet/→ |
| Commit | 3ba97bde46eac298fd61eba7ff5b5ef0078a3ebe |
| Whitepaper | https://www.analog.one/Analog-Timepaper.pdf→ |
Scope Details
- Repository
- https://github.com/Analog-Labs/testnet/→
- Commit
- 3ba97bde46eac298fd61eba7ff5b5ef0078a3ebe
Components in Scope
Cryptography and Keys
Cryptography Libraries
Keys Generation
Keystore storage
Asymmetric (Signing and Verification)
Substrate fork review
Review of all code changes and missing updates since Substrate clone date
Substrate client configuration review
Genesis & chain spec review
Consensus configuration
Substrate FRAME pallets usage review
chronicle crate review
tss crate review
Standard attacks review (replay, malleability,...)
Runtime & Pallets
Runtime implementation review
pallet-elections review
pallet-members review
pallet-shards review
pallet-tasks review
Attack scenarios analysis (Weight, race, stack, DoS, state implosion, access control bypass, overflow...)
Weights & Benchmarks
Weight values & benchmarks review
Substrate RPC
RPC implementation review
Attack scenarios analysis (defaults,DoS, overflows, ..)
Testing
Environment Setup
E2E sync tests
Fuzz tests