Introduction
We express our gratitude to the COTI and Soda Labs team for the collaborative engagement that enabled the execution of this Blockchain Protocol Security Assessment.
gcEVM is a solution designed to enhance Ethereum-compatible environments by integrating privacy-preserving features through Secure Multiparty Computation. It ensures encrypted, privacy-preserving computations while supporting seamless integration with existing Ethereum-based applications. Developers can utilize gcEVM to create privacy-focused decentralized applications by leveraging new data types and security measures without compromising performance.
Document | |
|---|---|
| Name | gcEVM-Based Blockchain Protocol Review and Security Analysis Report for COTI and Soda Labs |
| Audited By | Nino Lipartiia, Tanuj Soni, Hamza Sajid |
| Approved By | Stepan Chekhovskoi |
| Website | https://www.sodalabs.xyz/→ |
| Language | Golang |
| Tags | Go-Ethereum, EVM, MPC |
| Methodology | https://hackenio.cc/blockchain_methodology→ |
Document
- Name
- gcEVM-Based Blockchain Protocol Review and Security Analysis Report for COTI and Soda Labs
- Audited By
- Nino Lipartiia, Tanuj Soni, Hamza Sajid
- Approved By
- Stepan Chekhovskoi
- Website
- https://www.sodalabs.xyz/→
- Language
- Golang
- Tags
- Go-Ethereum, EVM, MPC
- Methodology
- https://hackenio.cc/blockchain_methodology→
Review Scope | |
|---|---|
| Repository | https://github.com/soda-mpc/go-ethereum→ |
| Review Commit | c53489958e34ca2dcc57bf5e8246aa0ca9015a88 |
| Commit After Fixes | 76a7d1eecac00143ba28df45e4ccae92dfaa0739 |
Review Scope
- Repository
- https://github.com/soda-mpc/go-ethereum→
- Review Commit
- c53489958e34ca2dcc57bf5e8246aa0ca9015a88
- Commit After Fixes
- 76a7d1eecac00143ba28df45e4ccae92dfaa0739
Audit Summary
The system users should acknowledge all the risks summed up in the risks section of the report
Documentation quality
Comprehensive documentation is provided, including a white paper.
Additional documents covering transaction flow, block propagation, and minting and inflation are present.
Module-level documentation clearly explains the functionality of each component.
The codebase includes helpful comments to improve clarity.
While build instructions were not available in the repository for security reasons, they were supplied for audit testing purposes.
Code quality
The codebase maintains high quality standards.
Tests were failing in the initial audit review commit but were subsequently fixed during the remediation phase.
Comprehensive end-to-end tests are in place to improve coverage.
The code contains several unresolved "SODO" (TODO) items that, while not urgent, highlight areas for future refinement.
Architecture quality
Built upon the reliable Go-Ethereum source code, providing a strong foundation.
Implements a design for private data management and secure computation on ciphertexts without prior decryption, resembling homomorphic encryption but utilizing a Garbled Circuit-based MPC protocol.
Modifications to the EVM are implemented as a precompiled contract.
Security is enhanced through custom-designed authenticated memory and storage.
Transaction processing and block production are handled by a sequencer and two executors, while validators are responsible for block validation.
The gcEVM network uses a custom Proof of Authority (PoA) consensus called CO2, ensuring secure and efficient transaction processing.
The current model is centralized, with plans for decentralization in the future.
System Overview
Soda gcEVM is a modified Geth fork designed to enhance confidentiality and security in blockchain operations. It incorporates significant changes to the consensus layer, network layer, and virtual machine (VM).
Node Types and Roles
The Soda gcEVM network consists of three distinct node types, each fulfilling specific roles:
Sequencer: Responsible for managing the mempool and generating the "red block," which includes valid transactions, some involving private data. It validates non-private transactions and sends the red block to executors.
Executors: Validate the red block and perform privacy operations via Multi-Party Computation (MPC). Upon success, they create the "black block" and forward it to both the sequencer and validators.
Validators: Validate the "black block" to ensure the block's correctness before finalizing the process.
Key Components and Modifications
Consensus (CO2): A customized version of the Clique consensus mechanism, introducing the new roles of Executor and Sequencer to enhance functionality.
SES: A proprietary library that utilizes CGO to invoke C code directly from Go, playing a pivotal role in the consensus mechanism.
Soda-MPC: Implements Multi-Party Computation (MPC) with garbled circuits to secure data privacy across the network. Though outside the scope of this audit, it integrates secure operations as an EVM extension.
EVM Extension: Enhances the virtual machine layer with a precompiled contract that integrates MPC computation for secure operations.
Risks
Single Point of Failure: If either the sequencer or one of the executors misbehaves or disconnects, the entire chain will halt. While the design prevents invalid transactions, this centralization introduces significant risks to system stability and availability.
Centralization Risk: The system's architecture is highly centralized, relying on a single sequencer and two executors, all managed by trusted network parties. The development team has indicated plans to modify the architecture to achieve greater distribution and decentralization, which may mitigate these risks in the future.
Findings
Code ― | Title | Status | Severity | |
|---|---|---|---|---|
| F-2025-1203 | Executor Panics on Sequencer Transactions Exceeding Gas Limits | fixed | High | |
| F-2025-9399 | Gas Cost Discrepancy for Several Secure Operations | fixed | Medium | |
| F-2025-9403 | Questionable Validation of SodaMPCExecutionError | fixed | Low | |
| F-2025-9294 | Centralized Token Emission Distribution Creates Critical Single Point of Failure | accepted | Low | |
| F-2025-9214 | Unnecessary Insertion to Authenticated Memory After offBoardToUser | accepted | Low | |
| F-2025-9212 | Unreliable Signature Verification Process | accepted | Low | |
| F-2025-9180 | Unsafe CGO Integration in Consensus Mechanism | mitigated | Low | |
| F-2025-9036 | Deprecated & Insecure Functions in Key Operations | accepted | Low | |
| F-2025-9034 | Vulnerabilities in Go External Dependencies & Standard Library | mitigated | Low | |
| F-2025-9028 | Inadequate Handling of gRPC Errors | fixed | Low |
Findings like these can secure your blockchain.
Appendix 1. Severity Definitions
Severity | Description |
|---|---|
Critical | Vulnerabilities that can lead to a complete breakdown of the blockchain network's security, privacy, integrity, or availability fall under this category. They can disrupt the consensus mechanism, enabling a malicious entity to take control of the majority of nodes or facilitate 51% attacks. In addition, issues that could lead to widespread crashing of nodes, leading to a complete breakdown or significant halt of the network, are also considered critical along with issues that can lead to a massive theft of assets. Immediate attention and mitigation are required. |
High | High severity vulnerabilities are those that do not immediately risk the complete security or integrity of the network but can cause substantial harm. These are issues that could cause the crashing of several nodes, leading to temporary disruption of the network, or could manipulate the consensus mechanism to a certain extent, but not enough to execute a 51% attack. Partial breaches of privacy, unauthorized but limited access to sensitive information, and affecting the reliable execution of smart contracts also fall under this category. |
Medium | Medium severity vulnerabilities could negatively affect the blockchain protocol but are usually not capable of causing catastrophic damage. These could include vulnerabilities that allow minor breaches of user privacy, can slow down transaction processing, or can lead to relatively small financial losses. It may be possible to exploit these vulnerabilities under specific circumstances, or they may require a high level of access to exploit effectively. |
Low | Low severity vulnerabilities are minor flaws in the blockchain protocol that might not have a direct impact on security but could cause minor inefficiencies in transaction processing or slight delays in block propagation. They might include vulnerabilities that allow attackers to cause nuisance-level disruptions or are only exploitable under extremely rare and specific conditions. These vulnerabilities should be corrected but do not represent an immediate threat to the system. |
Severity
- Critical
Description
- Vulnerabilities that can lead to a complete breakdown of the blockchain network's security, privacy, integrity, or availability fall under this category. They can disrupt the consensus mechanism, enabling a malicious entity to take control of the majority of nodes or facilitate 51% attacks. In addition, issues that could lead to widespread crashing of nodes, leading to a complete breakdown or significant halt of the network, are also considered critical along with issues that can lead to a massive theft of assets. Immediate attention and mitigation are required.
Severity
- High
Description
- High severity vulnerabilities are those that do not immediately risk the complete security or integrity of the network but can cause substantial harm. These are issues that could cause the crashing of several nodes, leading to temporary disruption of the network, or could manipulate the consensus mechanism to a certain extent, but not enough to execute a 51% attack. Partial breaches of privacy, unauthorized but limited access to sensitive information, and affecting the reliable execution of smart contracts also fall under this category.
Severity
- Medium
Description
- Medium severity vulnerabilities could negatively affect the blockchain protocol but are usually not capable of causing catastrophic damage. These could include vulnerabilities that allow minor breaches of user privacy, can slow down transaction processing, or can lead to relatively small financial losses. It may be possible to exploit these vulnerabilities under specific circumstances, or they may require a high level of access to exploit effectively.
Severity
- Low
Description
- Low severity vulnerabilities are minor flaws in the blockchain protocol that might not have a direct impact on security but could cause minor inefficiencies in transaction processing or slight delays in block propagation. They might include vulnerabilities that allow attackers to cause nuisance-level disruptions or are only exploitable under extremely rare and specific conditions. These vulnerabilities should be corrected but do not represent an immediate threat to the system.
Appendix 2. Scope
The scope of the project includes the following components from the provided repository:
Scope Details | |
|---|---|
| Repository | https://github.com/soda-mpc/go-ethereum→ |
| Commit | c53489958e34ca2dcc57bf5e8246aa0ca9015a88 |
| Whitepaper | https://www.sodalabs.xyz/wp-content/uploads/2024/10/gcEVM-v.-0.1-1.pdf→ |
Scope Details
- Repository
- https://github.com/soda-mpc/go-ethereum→
- Commit
- c53489958e34ca2dcc57bf5e8246aa0ca9015a88
Components in Scope
The scope consists of the whole codebase, with primarily focus on:
Modification of EVM, allowing private data and secure operations.
Soda co2 consensus engine.
gcEVM node roles.
SES module.
Minting & inflation.
The remediation check has been conducted based on commit hash 76a7d1e →, which reflects the status of each issue following this process. It is important to acknowledge that this commit may include changes made subsequent to the initial review commit, which were not part of the audit assessment.