Energy Web Foundation

We express our gratitude to the Energy Web Foundation team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Energy Web is a global non-profit on a mission to accelerate the energy transition by developing and deploying open-source Web3 technologies.

The system users should acknowledge all the risks summed up in the risks section of the report

Greenproof contracts are used to issue certificates assuring certain properties of electricity generators. These certificates are used to determine how much electricity parties have left in their disposal according to the amount they have and have not used.

Certificated data is verified by voting among trusted parties. Only those parties who have acquired the necessary verifiable credentials are allowed to participate in the voting. To avoid security risks, no actual data is stored on-chain.

The project aims to achieve a trustable approach on the usage of clean energy, by keeping track of the energy usage of parties that are participating in the system.

Identifier of generation is a hash of generation data and it is called inputHash, generation data is represented by its Merkle tree and is called matchResult.

The system flow, including off-chain part of the project, is given as the following diagram:

Information about the contracts in the scope:

• Greenproof.sol: High level contract which plays two roles:

• • to proxy calls to business logic components.

  • to initialize and configure logic components.

• GreenproofInit.sol: Initializes the necessary supported interfaces on ERC165 for contracts IClaimManager, IGreenProof, IProofManager, IVoting. Used on deployment of Greenproof.sol.

• IClaimManager.sol: Interface for Claim Manager Contract and Claim Revocation Registry, which are used inside LibClaimManager.sol contract hasRole() function.

• IGreenProof.sol: Interface representation of IssuerFacet.sol contract.

• IProofManager.sol: Interface representation of ProofManagerFacet.sol contract.

• IRewards.sol: Interface representation of VotingFacet.sol contract. Responsible for rewards related functions.

• IVoting.sol: Interface representation of VotingFacet.sol contract. Responsible for voting related functions.

• VotingFacet.sol: Exposes API for driving and configuration of the voting. Internal methods are separated into LibVoting library. Since voting is identified by input hash, it has been aliased as votingID.

• LibVoting.sol: Contains voting functions used by facets.

• IssuerFacet.sol: Contract with main purpose of minting tokens certifying energy attributes. The basis for certification is voting for (votingID, matchResult), which is completed with consensus. Second purpose of the contract is token transferring.

• LibIssuer.sol: Contains certificate functions shared by facets.

• ProofManagerFacet.sol: Contract claiming certified energy generation.

• LibProofManager.sol: Contains claim verification functions shared by facets.

• LibClaimManager.sol: Contains functions, which verify authorization in facets.

• LibReward.sol: Library managing reward payment.

Privileged roles

• Owner: The only account allowed to upgrade contracts, add or remove participants of voting, cancel expired votings and enable or disable reward of voters, who have reached consensus.

• Worker: Account who is able to determine generator data by generation identifier. Since this process requires off-chain data workers are off-chain nodes. Only nodes which are able to present certain verifiable credentials are allowed to vote.

• Issuer: Is authorized to mint energy certificates and make their data public.

• Revoker:

• Any user with the revokerRole (defined during contract deployment) is allowed to revoke a certificate.

• Claimer: Any user with the claimerRole (defined during contract deployment) is allowed to retire either partially or totally a certificate on behalf of the certificate owner.

The total Documentation quality score is 10 out of 10.

• Functional requirements are detailed.

• Technical description is detailed.

• NatSpec is consistent.

The total Code quality score is 10 out of 10.

• The development environment is configured.

• The code follows official language style guides and best practices.

Code coverage of the project is 100% (branch coverage).

• Deployment and basic user interactions are covered with tests.

• Negative cases coverage is present.

• Interactions by several users are tested thoroughly.

Upon auditing, the code was found to contain 0 critical, 1 high, 8 medium, and 16 low severity issues. Out of these, 20 issues have been addressed and resolved, leading to a Security score of 10 out of 10.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 10. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

The scope of the project includes the following smart contracts from the provided repository:

Contracts in Scope