Echo Protocol

We express our gratitude to the Echo Protocol team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Echo Bridge protocol is an IOTA Ethereum bridge solution. The protocol enables cross-chain bridging and communication between the IOTA blockchain and EVM compatible chains. Its primary goal is to support bidirectional token bridging, allowing users to move assets seamlessly between chains using a validator committee for message verification. The system ensures trust-minimized operations through threshold-based signature approval, nonce-based replay protection, and committee governance. ERC20 tokens can be locked on the EVM side and minted as wrapped assets on IOTA, and vice versa.

The system users should acknowledge all the risks summed up in the risks section of the report

Documentation quality

• Functional requirements are partially provided.

• • Use cases and project purpose are not provided.

  • Features are partially provided.

• Technical description is not provided.

• • Key function descriptions are partilally provided.

  • Architecture is not described.

Code quality

• The code mostly follows  best practices and style guides.

• • See informational findings for more details.

Test coverage

• Deployment and basic user interactions are covered with tests.

• Negative cases coverage is missed.

• Interactions by several users are not tested thoroughly.

Echo Bridge is a bridge protocol that supports asset bridging from EVM chains to IOTA and vice versa. It includes the following modules:

• bridge –  the main contract serves as the central entry point for all bridge functionality. It handles the configuration of critical data and provides governance mechanisms for executing system-level configuration transactions;

• committee – responsible for managing the committee, this component tracks active members and maintains a blocklist for excluded participants;

• chain_ids – responsible for storing hardcoded chain IDs and managing the addition of supported bridge routes;

• crypto – a utility module providing a single function to convert an ECDSA public key into an Ethereum address;

• ibtc – defines and initializes the iBTC token as a bridged Bitcoin asset on IOTA. Sets up treasury, metadata, and finalizes bridge initialization;

• limiter  – this module enforces rate limits on value transffered per route using a 24-hour ring buffer. It tracks hourly outflows, maintains a rolling sum, and checks if new transactions exceed the configured limit. Limits and asset prices are adjustable via a dedicated function;

• message_types – contains hardcoded message type codes, and getters for them;

• message – this module handles encoding and decoding of bridge messages. It also defines constants for pause and unpause message types and includes logic for determining the voting power required to execute each message type;

• treasury – manages separate treasuries for each supported token and tracks their approximate prices for rate-limiting purposes. It supports minting, burning, price updates, and adding new tokens. Token support, once added, cannot be removed.

Privileged roles

• The bridge AdminCap can update the fee_recipient and submitters, and is responsible for registering and initializing the committee. Additionally, the admin can migrate the bridge and admin capability versions.

• The TreasuryCap is responsible for adding new tokens to the bridge. Tokens are first placed in a waiting room and require approval through committees.

• The submitter is responsible for triggering the approve_token_transfer function to approve token bridging.

• The committees is responsible for executing system messages and signing bridge transaction approval requests.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope