Bitlayer

We express our gratitude to the Bitlayer team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Bitlayer represents a revolutionary integration, melding elite decentralized exchange (DEX) mechanisms into an innovative, high-efficiency system. This pioneering approach is designed to streamline token exchanges and cross-chain transactions, ensuring seamless operability and liquidity management within the crypto ecosystem.

The system users should acknowledge all the risks summed up in the risks section of the report

Bitlayer bridge comprises three main contracts:

TokenExchange: Facilitates the exchange of tokens with rigorous permission and signature verification mechanisms. It supports operations like swapping tokens under specific conditions, withdrawing tokens, and modifying contract administrative roles.

BitlayerProxy: Serves as a proxy following the ERC1967 standard, allowing for future upgrades and changes to the contract logic without affecting the deployed version.

BitlayerBridge: Enables the locking and unlocking of native cryptocurrency transactions across different blockchain networks, with roles and permissions managed through AccessControl. It supports liquidity management, fee adjustments, and pausable functionality for emergency stops.

Contracts

TokenExchange

• Functionalities:

• • Facilitates token swaps with ERC20 tokens using EIP712 signatures for permissioned operations.

  • Allows the withdrawal of ERC20 tokens and native cryptocurrency (referred to as "BTC" in comments) by the owner.

  • Supports owner and operator role management for executing sensitive contract operations.

  • Manages vaults that designate supported token addresses for swapping.

• Attributes:

• • owner: Address of the contract owner.

  • operator: Address of the contract operator.

  • vaults: A mapping of addresses to boolean values, indicating whether a token address is supported for swaps.

• Privileged Roles:

• • owner: Can transfer ownership, set the operator, manage vaults, and withdraw tokens.

  • operator: Can execute the permitAndSwap function.

BitlayerProxy

• Functionalities: Serves as a minimalistic instance of the ERC1967Proxy, primarily for deployment purposes without additional specific functionalities.

BitlayerBridge

• Functionalities:

• • Manages cross-chain transactions with functionality to lock and unlock native cryptocurrency.

  • Handles liquidity contributions and withdrawals, enabling users to support the bridge's operations with their assets.

  • Allows role-based management for pausing and unpausing contract operations, setting fee addresses, and adjusting fees.

• Attributes:

• • feeAddress: Address where transaction fees are collected.

  • lockFeeAmount: The amount charged as a fee for locking transactions.

  • liquidityOf: Mapping of addresses to their contributed liquidity amounts.

  • totalLocked: Total amount of cryptocurrency locked through the bridge.

  • totalUnlocked: Total amount of cryptocurrency unlocked.

• Privileged Roles:

• • AdminRole: Can upgrade the contract, manage roles, pause/unpause the bridge, and adjust fees and the fee address.

  • PauseRole: Can pause contract operations.

  • UnlockRole: Can unlock transactions, allowing the withdrawal of locked funds.

  • LiquidityRole: Can manage liquidity withdrawals on behalf of others.

The total Documentation Quality score is 7 out of 10.

• Functional requirements are partially missed.

• Technical description is not provided.

• Technical flow is not provided.

The total Code Quality score is 9 out of 10.

• Missing best practices

• The development environment is configured.

Code coverage of the project is 86.36% (branch coverage),

• Not all branches are covered with tests.

Upon auditing, the code was found to contain 0 critical, 0 high, 1 medium, and 3 low severity issues. After remediation part of the audit process 1 medium issue was mitigated, 2 low issues were fixed and 1 low issue was accepted, leading to a security score of 10 out of 10.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 9. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

The scope of the project includes the following smart contracts from the provided repository:

Contracts in Scope