Aviator

We express our gratitude to the Aviator team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

SkyBridge by Aviator Technologies, LLC is a custom bridge and launchpad solution between the Ethereum Layer-1 and the Base Layer-2 networks that supports any arbitrary ERC-20 token.

The system users should acknowledge all the risks summed up in the risks section of the report

SkyBridge is a custom bridge and launchpad solution between the Ethereum Layer-1 and the Base Layer-2 networks that supports any arbitrary ERC-20 token. with the following contracts:

• L1AviERC721Bridge.sol  — is the bridging of ERC721 tokens between different domains (such as Ethereum Layer 1 and Layer 2 networks).

• L1Bridge.sol — is responsible for transferring ETH and ERC20 tokens between L1 and L2. In the case that an ERC20 token is native to L1, it will be escrowed within this contract.

• LiquidityPool.sol — is utilized to provide a central place to hold funds for fast bridging and the fees from Layer 1 to Layer 2 transfers.

• L2AviERC721Bridge.sol — is a contract that works together with the L2 ERC721 bridge to make it possible to transfer ERC721 tokens from Ethereum to Optimism. This contract acts as an escrow for ERC721 tokens deposited into L2.

• L2Bridge.sol — is responsible for transferring ETH and ERC20 tokens between L1 and L2. In the case that an ERC20 token is native to L2, it will be escrowed within this contract. If the ERC20 token is native to L1, it will be burnt.

• AviPredeploys.sol — it contains constants representing predeployed contract addresses on Layer 1 (L1) and Layer 2 (L2) networks.

• AviBridge.sol — is a base contract for the L1 and L2 standard ERC20 bridges. It handles the core bridging logic, including escrowing tokens that are native to the local chain and minting/burning tokens that are native to the remote chain.

• AviERC721Bridge.sol — it serves as a base contract for both the Layer 1 (L1) and Layer 2 (L2) ERC721 bridges within the Avi ecosystem.

Privileged roles

• Bridge Admin: Full control over the bridges. Able to change the fee structure, change the address of the liquidity pool, and other bridges, commit the fast withdrawals using the liquidity from the liquidity pool.

The total Documentation Quality score is 10 out of 10.

• Functional requirements are provided.

• Technical requirements are provided.

The total Code Quality score is 10 out of 10.

Code coverage of the project is 100% (branch coverage).

• The contracts and libraries are tested thoroughly.

Upon auditing, the code was found to contain 0 critical, 1 high, 1 medium, and 1 low severity issues, leading to a security score of 4 out of 10. Upon the retest, all issues were fixed resulting in the final score of 10 out of 10.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 10. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

The scope of the project includes the following smart contracts from the provided repository:

Contracts in Scope