Audit name:
[SCA] Gunzilla / Bridge / Mar2025
Date:
Mar 31, 2025
Table of Content
Introduction
We express our gratitude to the Gunzilla team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.
GUNZ is a Layer 1 blockchain designed for AAA Web3 gaming, developed by Gunzilla Games. It powers a comprehensive gaming ecosystem with services tailored to the needs of both developers and players.
Document | |
|---|---|
| Name | Smart Contract Code Review and Security Analysis Report for Gunzilla |
| Audited By | Olesia Bilenka |
| Approved By | Ivan Bondar |
| Website | https://gunzillagames.com/en/→ |
| Changelog | 30/03/2025 - Preliminary Report |
| Platform | GUN; Avalanche C-Chain |
| Language | Solidity |
| Tags | Fungible Token; Permit Token; Signatures; Bridge; Upgradable |
| Methodology | https://hackenio.cc/sc_methodology→ |
Document
- Name
- Smart Contract Code Review and Security Analysis Report for Gunzilla
- Audited By
- Olesia Bilenka
- Approved By
- Ivan Bondar
- Changelog
- 30/03/2025 - Preliminary Report
- Platform
- GUN; Avalanche C-Chain
- Language
- Solidity
- Tags
- Fungible Token; Permit Token; Signatures; Bridge; Upgradable
- Methodology
- https://hackenio.cc/sc_methodology→
Review Scope | |
|---|---|
| Repository | https://github.com/Gunzilla-Games/gun-layerzero-bridge/→ |
| Commit | b7c0ca4 |
| Retest Commit | 8d1c562 |
Review Scope
- Commit
- b7c0ca4
- Retest Commit
- 8d1c562
Audit Summary
The system users should acknowledge all the risks summed up in the risks section of the report
Documentation quality
Functional requirements are detailed.
Project overview is detailed.
All roles in the system are described.
Use cases are described and detailed.
For each contract, all futures are described.
All interactions are described.
Technical description is limited.
Run instructions are provided.
Technical specification is provided.
The NatSpec documentation is not sufficient.
Code quality
The development environment is configured.
Test coverage
Code coverage of the project is 0% (branch coverage).
Tests are failing.
System Overview
GUNZ Bridge is a decentralized cross-chain bridge facilitating the transfer of digital assets between the GUN Network (a native chain) and Avalanche C-Chain. It achieves this by wrapping native GUN coins into WGUN tokens on the GUN Network and minting GUNZ tokens on Avalanche. The system utilizes LayerZero V1 for cross-chain messaging and enforces strict guardian validation for security across all asset flows.
The protocol consists of multiple interoperable contracts, divided across source (GUN Network) and destination (Avalanche C-Chain) chains.
The Files in Scope:
GunzBridge.sol (Avalanche C-Chain) - LayerZero-powered cross-chain bridge for GUNZ tokens, handling mint/burn during asset transfers.
WGUN.sol (GUN Network) - Wrapped representation of native GUN coins, conforming to the WETH-style ERC-20 interface.
WGUNBridge.sol (GUN Network) - LayerZero-powered bridge for WGUN and native GUN assets.
Privileged roles
GunzBridge.sol
DEFAULT_ADMIN_ROLE:Chain management (add/remove chains, block nonces).
Set guardian and token address.
FEE_MANAGER_ROLE:Set bridge fee.
Withdraw collected fees.
WGUNBridge.sol
DEFAULT_ADMIN_ROLE:Manage chains, guardian, pause/unpause bridge.
Withdraw native GUN or WGUN.
MANAGER_ROLE:Set bridge fees.
WGUN.sol
DEFAULT_ADMIN_ROLE:Can set
guardian.
Potential Risks
Scope Definition and Security Guarantees: The audit does not cover all code in the repository. Contracts outside the audit scope may introduce vulnerabilities, potentially impacting the overall security due to the interconnected nature of smart contracts.
System Reliance on External Contracts: The functioning of the system significantly relies on specific external contracts. Any flaws or vulnerabilities in these contracts adversely affect the audited project, potentially leading to security breaches or loss of funds.
Owner's Unrestricted State Modification: The absence of restrictions on state variable modifications by the owner leads to arbitrary changes, affecting contract integrity and user trust, especially during critical operations like minting phases.
Absence of Time-lock Mechanisms for Critical Operations: Without time-locks on critical operations, there is no buffer to review or revert potentially harmful actions, increasing the risk of rapid exploitation and irreversible changes.
Single Points of Failure and Control: The project is fully or partially centralized, introducing single points of failure and control. This centralization can lead to vulnerabilities in decision-making and operational processes, making the system more susceptible to targeted attacks or manipulation.
Flexibility and Risk in Contract Upgrades: The project's contracts are upgradable, allowing the administrator to update the contract logic at any time. While this provides flexibility in addressing issues and evolving the project, it also introduces risks if upgrade processes are not properly managed or secured, potentially allowing for unauthorized changes that could compromise the project's integrity and security.
Absence of Upgrade Window Constraints: The contract suite allows for immediate upgrades without a mandatory review or waiting period, increasing the risk of rapid deployment of malicious or flawed code, potentially compromising the system's integrity and user assets.
Findings
Code ― | Title | Status | Severity | |
|---|---|---|---|---|
| F-2025-9542 | Missing Public Pause/Unpause Functions Prevent Emergency Control in GunzBridge Despite Use of whenNotPaused | fixed | High | |
| F-2025-9534 | Missing Guardian Approval in bridgeNativeTokens Allows Unchecked Transfers of Wrapped Native Assets | fixed | High | |
| F-2025-9527 | Irreversible Token Freezing Due to blockedNonces Mechanism in Bridge Contracts | accepted | High | |
| F-2025-9543 | Mutable wrappedGun May Affect Bridge Consistency | fixed | Medium | |
| F-2025-9533 | Unchecked Guardian Approval Return Value | mitigated | Medium | |
| F-2025-9525 | Unrestricted Withdrawal by Admin in WGUNBridge contract | accepted | Medium | |
| F-2025-9544 | Missing nonReentrant Modifier in _nonblockingLzReceive Function | accepted | Low | |
| F-2025-9536 | Improper Handling of Signature v Value in _recover May Cause Valid Signatures to Fail Verification | fixed | Low | |
| F-2025-9535 | Inconsistent and Redundant Chain Validation in Bridge Contracts | accepted | Low | |
| F-2025-9529 | Lack of Validation for Zero Address and Zero Amount in Bridging Functions | mitigated | Low |
Identify vulnerabilities in your smart contracts.
Appendix 1. Definitions
Severities
When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.
Reference on how risk scoring is done is available through the repository in our Github organization:
Severity | Description |
|---|---|
Critical | Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation. |
High | High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation. |
Medium | Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category. |
Low | Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution. |
Severity
- Critical
Description
- Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
Severity
- High
Description
- High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Severity
- Medium
Description
- Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.
Severity
- Low
Description
- Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution.
Potential Risks
The "Potential Risks" section identifies issues that are not direct security vulnerabilities but could still affect the project’s performance, reliability, or user trust. These risks arise from design choices, architectural decisions, or operational practices that, while not immediately exploitable, may lead to problems under certain conditions. Additionally, potential risks can impact the quality of the audit itself, as they may involve external factors or components beyond the scope of the audit, leading to incomplete assessments or oversight of key areas. This section aims to provide a broader perspective on factors that could affect the project's long-term security, functionality, and the comprehensiveness of the audit findings.
Appendix 2. Scope
The scope of the project includes the following smart contracts from the provided repository:
Scope Details | |
|---|---|
| Repository | https://github.com/Gunzilla-Games/gun-layerzero-bridge/→ |
| Commit | b7c0ca4a6c1d52b5d61b0ca1c23afbe0744919e6 |
| Retest Commit | 8d1c562e3a7b9d4e17dea37e7d33d8f9b5a3126e |
| Whitepaper | N/A |
| Requirements | README.md; NatSpec |
| Technical Requirements | README.md: NatSpec |
Scope Details
- Commit
- b7c0ca4a6c1d52b5d61b0ca1c23afbe0744919e6
- Retest Commit
- 8d1c562e3a7b9d4e17dea37e7d33d8f9b5a3126e
- Whitepaper
- N/A
- Requirements
- README.md; NatSpec
- Technical Requirements
- README.md: NatSpec
Assets in Scope
GunzBridge.solWGUN.solWGUNBridge.sol