Introduction
We express our gratitude to the Archethic team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.
Archethic (UCO) is a groundbreaking Layer 1 biometric blockchain with 11 revolutionary patents, integrating blockchain and biometrics for unparalleled security and privacy. It features a unique consensus algorithm and a patented biometric cold wallet, ensuring unmatched security, scalability, and a seamless user experience. AeBridge is a pioneering bridge solution that enables users to handle fund transfers between EVM and the Archethic chain, enhancing interoperability and expanding the capabilities of the Archethic ecosystem.
| Document | |
|---|---|
| Name | Smart Contract Code Review and Security Analysis Report for Archethic |
| Audited By | Turgay Arda Usman, Grzegorz Trawiński |
| Approved By | Ataberk Yavuzer |
| Website | https://www.archethic.net |
| Changelog | 04/07/2024 - Preliminary Report; 12/07/2024 - Final Report |
| Platform | Ethereum, Archethic, BSC, Polygon |
| Language | Solidity |
| Tags | Bridge, ERC20, Atomic Swap |
| Methodology | https://hackenio.cc/sc_methodology |
| Review Scope | |
|---|---|
| Repository | https://github.com/archethic-foundation/bridge-contracts/tree/11cf88221d00c9ea029ae5a4cf08f14705199ce1 |
| Commit | 11cf882 |
Audit Summary
The system users should acknowledge all the risks summed up in the Risks section of this report.
Documentation quality
Functional requirements are partially provided.
Technical description is partially provided.
Code quality
The code mostly follows style guides and best practices.
See informational issues and observations for more details.
The development environment is configured.
Test coverage
Code coverage of the project is around 73.08% (branch coverage).
System Overview
aeBridge is a p2p bridge solution that lets its users transfer funds between EVM chains and the Archethic chain. It has the following contracts:
- HTLC_ERC — HTLC contract customized for ERC20 transfers.
- PoolBase — Pool to manage assets for Archethic's bridge on the EVM side.
- ETHPool — Pool to manage the ETH asset for Archethic's bridge on the EVM side.
- ERCPool — Pool to manage ERC20 assets for Archethic's bridge on the EVM side.
- ChargeableHTLC_ERC — HTLC contract with a chargeable fee towards the pool's safety module (ERC20 swap).
- ChargeableHTLC_ETH — HTLC contract with a chargeable fee towards the pool's safety module (ether swap).
- HTLCBase — base logic for Hashed Timelock Contracts (HTLC).
- SignedHTLC_ERC — HTLC contract with signature verification before withdrawal for ERC20 swaps.
- SignedHTLC_ETH — HTLC contract with signature verification before withdrawal for ether swaps.
Privileged roles
The owner of the BasePool can upgrade the contract, lock and unlock the contract, update the lock time period, and update the Archethic Pool signer address.
Other contracts are permissionless.
Risks
The use of tx.origin to set the from address in the ChargeableHTLC_ERC constructor poses a significant security risk, as it can expose the contract to phishing and reentrancy attacks. Specifically, tx.origin refers to the original external account that initiated the transaction, which can be manipulated in scenarios where multiple contracts interact. This can lead to unauthorized actions if a malicious contract tricks a user into initiating a transaction, causing tx.origin to be the user's address instead of the intended contract.
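The following contrast is an added illustration of the risk described above; it is not the project's ChargeableHTLC_ERC or pool code, and the contract and function names (HTLCTxOrigin, HTLCExplicitFrom, PoolExample, mintHTLC) are hypothetical. The first contract records its owner from tx.origin, so when a pool deploys it the recorded address is whichever externally owned account happened to start the outer transaction. The hardened variant takes the owner as an explicit constructor argument supplied by the deploying contract, which knows its own direct caller through msg.sender.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical, simplified HTLC used to illustrate the tx.origin risk.
// Not the audited ChargeableHTLC_ERC implementation.
contract HTLCTxOrigin {
    address public from;
    bytes32 public hash;
    uint256 public lockTime;

    constructor(bytes32 _hash, uint256 _lockTime) {
        // Risky: `from` depends on who started the outer transaction, not on
        // which contract (or account) actually requested this HTLC.
        from = tx.origin;
        hash = _hash;
        lockTime = _lockTime;
    }
}

// Hardened variant: the intended owner is passed in explicitly, so the HTLC
// never reads tx.origin and does not care how many contracts sit between the
// originating account and its own constructor.
contract HTLCExplicitFrom {
    address public from;
    bytes32 public hash;
    uint256 public lockTime;

    constructor(address _from, bytes32 _hash, uint256 _lockTime) {
        require(_from != address(0), "from is zero");
        from = _from;
        hash = _hash;
        lockTime = _lockTime;
    }
}

// Hypothetical pool that creates HTLCs on behalf of its callers.
contract PoolExample {
    event HTLCCreated(address indexed htlc, address indexed from);

    function mintHTLC(bytes32 _hash, uint256 _lockTime) external returns (address) {
        // msg.sender is the direct caller of the pool; that is the party whose
        // funds the HTLC should be tied to, so the pool forwards it explicitly.
        HTLCExplicitFrom htlc = new HTLCExplicitFrom(msg.sender, _hash, _lockTime);
        emit HTLCCreated(address(htlc), msg.sender);
        return address(htlc);
    }
}
```

As a review check, any read of tx.origin outside a pure "is this an EOA" comparison should be treated as a finding; static analyzers such as Slither report such reads with their tx-origin detector, and the fix is normally the explicit-parameter form shown above.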
The audit does not cover all code in the repository. Contracts outside the audit scope may introduce vulnerabilities, potentially impacting the overall security due to the interconnected nature of smart contracts.
The functioning of the system significantly relies on specific external contracts. Any flaws or vulnerabilities in these contracts adversely affect the audited project, potentially leading to security breaches or loss of funds.
Findings
| Code | Title | Status | Severity |
|---|---|---|---|
| F-2024-4140 | The provisionHTLC Function Can Be Front-Run | fixed | Critical |
| F-2024-4139 | Missing Funds Transfer In Contract Creation | fixed | Medium |
| F-2024-4138 | Fee-on-Transfer Accounting-Related Issues | fixed | Medium |
| F-2024-4145 | Solution is a subject to chain re-org | accepted | Low |
| F-2024-4142 | The mintHTLC Function Lacks Lockout Mechanism | fixed | Low |
| F-2024-4141 | The provisionHTLC Function Accepts Arbitrary Amount | fixed | Low |
| F-2024-4134 | Missing Storage Gaps | accepted | Low |
| F-2024-4132 | Checks Effects Interactions Pattern Violation | fixed | Low |
| F-2024-4144 | Protocol is not compliant with the EIP-712 | accepted | Observation |
| F-2024-4137 | Reentrancy Leading to Signature Replay in Withdrawals | fixed | Observation |
Appendix 1. Severity Definitions
When auditing smart contracts, Hacken uses a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.
Reference on how risk scoring is done is available through the repository in our Github organization:
| Severity | Description |
|---|---|
| Critical | Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation. |
| High | High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation. |
| Medium | Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category. |
| Low | Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score. |
Appendix 2. Scope
The scope of the project includes the following smart contracts from the provided repository:
Scope Details
- Commit: 11cf882

| Contract | Address |
|---|---|
| Pool/ERCPool.sol (Ethereum) | 0x346Dba8b51485FfBd4b07B0BCb84F48117751AD9 |
| Pool/ERCPool.sol (Polygon) | 0xd5cA9F76495b853a5054814A10b6365ee8ed745B |
| Pool/ERCPool.sol (BSC) | 0xE01F0ee653648192812B2D23CBfe7E147727B672 |