Makachain

We express our gratitude to the Makachain team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Makachain Contracts provides a cross-chain bridge infrastructure built on the Hyperlane messaging protocol, targeting the Makachain network. A modified Hyperlane synthetic ERC-20 token is extended with a flat fee mechanism — denominated in the transferred token's own units — that is deducted on every on-chain transfer, with fee proceeds coordinated through a centralized oracle.

The system users should acknowledge all the risks summed up in the risks section of the report

Documentation quality

• Functional requirements are partially missed.

• Technical description are partially provided.

• NatSpec comments are sufficient.

• Expected behavior for edge cases is not documented.

Code quality

• The code leverages OpenZeppelin contracts and follows established patterns.

• The development environment is not configured.

Test coverage

Code coverage of the project is 0%.

• No test suite was provided by the client.

The bridge subsystem is composed of two contracts that collectively implement a fee-bearing cross-chain synthetic token. HypERC20 is a modified Hyperlane TokenRouter / ERC20Upgradeable synthetic token whose _transfer override intercepts every token movement. When an oracle address is configured, the override first instructs TrustedOracle to perform a native-coin gas subsidy via gasBack, then queries it for the applicable fee. If a non-zero fee is returned and passes the require(feeAmount < amount) validation, the transfer is split into a fee portion (sent to the oracle) and a net portion (sent to the transfer recipient). When the oracle is not set, transfers fall through to the standard ERC-20 behaviour unchanged. Cross-chain minting and burning are inherited unmodified from the upstream Hyperlane TokenRouter stack, which routes messages through a Hyperlane Mailbox and InterchainSecurityModule.

TrustedOracle serves as the fee authority and the single administrative hub. Per-token flat fee amounts (in the transferred token's denomination), per-token whitelist administrators, and admin-controlled price feeds stored by bytes32 symbol are maintained as configuration state. Fee calculation via calculateFee returns zero when either party is the zero address, the configured recipient, or a whitelisted address for the given token, and otherwise returns the flat fee for that token. A gasBack function automatically tops up the native-coin balance of participating EOAs to a 0.2 ether threshold, sourcing funds through a chain-specific mint precompile when the oracle's own native balance falls below 1,000 ether. Access to gasBack is gated by an explicit registeredContracts allowlist managed by the admin via setRegisteredContracts, decoupling authorization from fee configuration. Core configuration — fees, prices, the MAKA token address, token administrators, and the fee recipient — is managed exclusively by a single admin address, while per-token whitelist management and fee withdrawal are delegated to individually assigned token administrators.

Files in Scope

• HypERC20Flat.sol — Contains the custom HypERC20 contract (the sole modified contract in a flattened upstream Hyperlane token stack). Inheritance from ERC20Upgradeable and TokenRouter is used, _transfer is overridden to intercept transfers and route fees through an oracle with an explicit require(feeAmount < amount) validation, and setOracle is provided for the contract owner to enable or disable the fee mechanism.

• TrustedOracle.sol — The centralized fee and configuration authority. Per-token flat fees are computed via calculateFee (respecting whitelist exemptions, zero-address guards, and recipient-address exemptions). Automatic native-coin gas subsidies are provided via gasBack (gated by the registeredContracts allowlist), and admin-only setters are exposed for fees, prices, whitelists, token admins, registered contracts, and the recipient.

Privileged roles

HypERC20 (HypERC20Flat.sol):

• owner (inherited from OwnableUpgradeable via MailboxClient → Router → GasRouter → TokenRouter): Controls all administrative functions of the Hyperlane token router.

• • Can call setOracle to set or disable the oracle address used for transfer-fee calculation and gas-back logic.

  • Can call setHook to replace the post-dispatch hook contract.

  • Can call setInterchainSecurityModule to replace the interchain security module contract.

  • Can call enrollRemoteRouter to register a trusted remote router for a given destination domain.

  • Can call enrollRemoteRouters to batch-register trusted remote routers for multiple destination domains.

  • Can call unenrollRemoteRouter to remove a trusted remote router for a given destination domain.

  • Can call unenrollRemoteRouters to batch-remove trusted remote routers for multiple destination domains.

  • Can call setDestinationGas to configure the gas limit for cross-chain dispatches to a specific domain (single or batch).

  • Can call setFeeRecipient to set the address that receives Hyperlane router-level transfer fees.

  • Can call setFeeHook to set the fee hook contract used for external fee calculation.

  • Can call transferOwnership to transfer the owner role to a new address.

  • Can call renounceOwnership to irrevocably renounce the owner role, disabling all owner-gated functions.

TrustedOracle.sol

• admin: Full administrative control over fee configuration, pool assignments, pricing, and role management.

• • Can call setFees to configure per-token transfer fees (batch).

  • Can call setRegisteredContracts to explicitly register or deregister contract addresses authorized to call gasBack (batch).

  • Can call setRecipient to set the recipient address used in fee-exemption checks.

  • Can call setTokenAdmins to assign token-specific admin addresses (batch).

  • Can call setPrices to set prices for token symbols (batch).

  • Can call transferAdmin to transfer the admin role to a new address.

• tokenAdmin (per-token, assigned by admin via setTokenAdmins): Per-token administrative role for whitelist management and fee withdrawal.

• • Can call setWhitelist to add or remove addresses from the fee-exemption whitelist for the token they administer (batch).

  • Can call withdrawFees to withdraw accumulated fee balances of the administered token held by the oracle contract.

• registeredContract (explicit; managed via setRegisteredContracts by the admin): Authorized to invoke gas-back operations on behalf of integrated tokens.

• • Can call gasBack to auto-refill native coin balances of EOA addresses involved in a transfer, minting native coins via the MintPrecompile if the oracle's own balance is low.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope