Audit name:
[SCA] Electroneum / ETNbridge / Dec2023
Date:
Jan 5, 2024
Table of Content
Introduction
We thank Electroneum for allowing us to conduct a Smart Contract Security Assessment. This document outlines our methodology, limitations, and results of the security assessment.
ETNBridge is a one-way bridge that was created to migrate all users' balances from a Monero-based chain to an Ethereum-based chain.
| title | content |
|---|---|
| Platform | EVM |
| Language | Solidity |
| Tags | Bridge |
| Timeline | 18/12/2023-27/12/2023 |
| Methodology | https://hackenio.cc/sc_methodology→ |
Last Review Scope | |
|---|---|
| Repository | https://github.com/electroneum/electroneum-sc-contracts→ |
| Commit | 9c9b250→ |
Last Review Scope
- Commit
- 9c9b250→
Audit Summary
10/10
57%
7/10
0/10
The system users should acknowledge all the risks summed up in the risks section of the report
Document Information
This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.
The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.
Document | |
|---|---|
| Name | Smart Contract Code Review and Security Analysis Report for Electroneum |
| Audited By | David Camps Novi, Viktor Lavrenenko |
| Approved By | Przemyslaw Swiatowiec |
| Website | https://electroneum.com→ |
| Changelog | 27/12/2023 - Final Report |
Document
- Name
- Smart Contract Code Review and Security Analysis Report for Electroneum
- Audited By
- David Camps Novi, Viktor Lavrenenko
- Approved By
- Przemyslaw Swiatowiec
- Website
- https://electroneum.com→
- Changelog
- 27/12/2023 - Final Report
System Overview
The Electroneum system consists of a single smart contract: ETNBridge.
The Electroneum project is migrating from their legacy Monero-based chain to a new Ethereum-based chain. To do so, the team created an uni-directional bridge that will be used to migrate all user balances from the old chain to the new one.
User balances in the old chain will be burned, whilst the same amount will be sent on the new chain to the corresponding holders.
Using a centralized off-chain system, the team will send the required tokens of the new chain into the
ETNBridgecontract, so that the balances can be distributed.The ETNBridge owner will call the function
crosschainTransfer()to migrate the balances sequentially.
Privileged roles
Owner:
Can pause/unpause the contract.
Executes the migration via
crosschainTransfer()function.Can upgrade the contract via
upgradeTo/upgradeToAndCall()functions.
Executive Summary
Documentation quality
The total Documentation Quality score is 0 out of 10.
Functional requirements are not provided.
The project's purpose is not described.
The project's features are not explained.
Use cases are missing.
The technical description is not provided:
The technical specification is missing.
Deployment instructions are not provided.
NatSpec is not sufficient for the main functionality of the
ETNBridge.sol.
Code quality
The total Code Quality score is 10 out of 10.
Best practices are followed.
The development environment is configured.
Test coverage
Code coverage of the project is 57% (branch coverage):
For projects with less than 250 LOC (Lines of Code) the test coverage is not mandatory, and it is not accounted for in the final score.
Security score
Upon auditing, the code was found to contain no issues, leading to a security score of 10 out of 10.
All identified issues are detailed in the “Findings” section of this report.
Summary
The comprehensive audit of the customer's smart contract yields an overall score of 9. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.
Risks
The ETNBridge contract is upgradeable, which means the protocol owners can change the logic of the contract without prior notice.
Most of the bridge management is handled off-chain and in a highly-centralized manner. As such, only a small part of the whole system could be audited, which means that a high security score in this audit does not guarantee the safety of the system for users.
The token supply in both the old legacy chain and the new smart chain is out-of-scope and thus the correct management of supply and its inflation cannot be supervised.
The protocol owner is not multi-signature managed, although it has a critical role in the system. A 3/5 multi-signature should be used at least.
Since the balance of tokens are sent to the ETNBridge prior to user distribution, it is not guaranteed that the contract contains the necessary tokens. It may be the case that some balances are temporarily on hold until new tokens are sent to the contract.
The contract can be paused at will by the contract owner, effectively putting user funds on hold at will.
The lack of signatures creates a centralization risk since the input data can be altered if the oracle goes malicious.
Findings
Code ― | Title | Status | Severity | |
|---|---|---|---|---|
| F-2023-0248 | Use Of Transfer Instead Of Call To Send Native Assets | accepted | Observation | |
| F-2023-0198 | Unused Variables | fixed | Observation | |
| F-2023-0189 | Floating Pragma | fixed | Observation |
Identify vulnerabilities in your smart contracts.
Appendix 1. Severity Definitions
When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.
Reference on how risk scoring is done is available through the repository in our Github organization:
Severity | Description |
|---|---|
Critical | Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation. |
High | High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation. |
Medium | Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category. |
Low | Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score. |
Severity
- Critical
Description
- Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
Severity
- High
Description
- High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Severity
- Medium
Description
- Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.
Severity
- Low
Description
- Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score.
Appendix 2. Scope
The scope of the project includes the following smart contracts from the provided repository:
Scope Details | |
|---|---|
| Repository | https://github.com/electroneum/electroneum-sc-contracts→ |
| Commit | 9b41cd8804e5fe0f2ce6309a7d65faf86f3f7f1c |
| Whitepaper | N/A |
| Requirements | N/A |
| Technical Requirements | N/A |
Scope Details
- Commit
- 9b41cd8804e5fe0f2ce6309a7d65faf86f3f7f1c
- Whitepaper
- N/A
- Requirements
- N/A
- Technical Requirements
- N/A
Contracts in Scope
contracts/ETNBridge.sol