Introduction
We express our gratitude to the MultiversX team for the collaborative engagement that enabled the execution of this Security Assessment.
MultiversX is a highly scalable, decentralized blockchain network designed for next-generation applications. It leverages adaptive state sharding and a secure proof-of-stake consensus mechanism to provide an efficient, scalable, and secure blockchain platform.
Project | Details |
---|---|
Language | TypeScript, JavaScript |
Tags | Snap |
Timeline | 14/05/2024 - 17/05/2024 |
Review Scope | |
---|---|
Repository | https://github.com/hknio/mx-metamask-snaps-d05bcac3ec10375973da6/ |
Commit | 992c22e |
Audit Summary
Security score | 10/10 |
---|---|
The system users should acknowledge all the risks summed up in the risks section of the report
Document Information
This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.
The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.
Document | |
---|---|
Name | Snap Code Review and Security Analysis Report for Multiverse X |
Audited By | Stephen Ajayi |
Approved By | Stephen Ajayi |
Website | https://multiversx.com |
Changelog | 17/05/2024 - Preliminary Report |
System Overview
MultiversX, previously known as Elrond, is a highly scalable, decentralized blockchain network designed for next-generation applications. It leverages adaptive state sharding and a secure proof-of-stake consensus mechanism to provide an efficient, scalable, and secure blockchain platform. MultiversX is built to support a wide variety of blockchain protocols beyond Ethereum, enabling robust and versatile decentralized applications (dApps).
Audit Focus: MetaMask Snap
The audit conducted on the MultiversX MetaMask Snap focused on the permissions and security of the Snap's functionalities.
Executive Summary
This report presents an in-depth analysis and scoring of the customer's Snap project.
Security score
Upon auditing, the code was found to contain 0 critical, 0 high, 1 medium, and 1 low severity issues, together with 7 observations. All identified issues, including the observations, have been addressed and resolved, leading to a security score of 10 out of 10.
All identified issues are detailed in the “Findings” section of this report.
Summary
The comprehensive audit of the customer's Snap yields an overall score of 10. This score reflects the combined evaluation of the security aspects of the project.
Findings
Code | Title | Status | Severity |
---|---|---|---|
F-2024-2832 | Insecure Handling of Private Keys | fixed | Medium |
F-2024-2702 | Insecure Compiler Flags | fixed | Low |
F-2024-2995 | Missing Author Information in Package Metadata | fixed | Observation |
F-2024-2991 | Caret Range Versioning Vulnerability in Dependency Management | fixed | Observation |
F-2024-2836 | Insufficient Error Handling and Potential Data Leakage | fixed | Observation |
F-2024-2835 | Lack of Secure Transmission in API Calls | fixed | Observation |
F-2024-2830 | Floating Point Precision and Rounding Errors | fixed | Observation |
F-2024-2701 | Potential for Exposing Sensitive Data | fixed | Observation |
F-2024-2697 | Dependency Vulnerabilities | fixed | Observation |
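The report lists only the titles of the findings. As an added illustration of the issue class behind F-2024-2830 (Floating Point Precision and Rounding Errors), the following example is written for this page and is not code from the MultiversX snap. It assumes a wallet that displays and parses EGLD amounts, where on-chain values are integers in the smallest unit and EGLD has 18 decimal places; the function names and the sample amount are constructed for the example. Converting such integers to a JavaScript `Number` silently loses precision above 2^53, so the safe path keeps them as `BigInt` and formats to a decimal string only at the display boundary.

```javascript
// Added example for this page; not the MultiversX snap's own code.
// Assumption: amounts are integers in the smallest unit with 18 decimal places.
const DENOMINATION = 18n; // hypothetical constant; EGLD uses 18 decimals

// Unsafe: Number has 53 bits of mantissa, so 1e18 + 1 rounds to 1e18 before
// the division ever happens. Two different on-chain amounts display the same.
function toEgldUnsafe(rawAmount) {
  return Number(rawAmount) / 1e18;
}

// Safe: keep the raw value as a BigInt and split into whole and fractional
// parts as strings. `raw` is a decimal string of the smallest unit.
function toEgldSafe(raw) {
  const v = BigInt(raw);
  const base = 10n ** DENOMINATION;
  const whole = v / base;
  const frac = (v % base)
    .toString()
    .padStart(Number(DENOMINATION), "0")
    .replace(/0+$/, "");
  return frac.length ? `${whole}.${frac}` : `${whole}`;
}

// Safe parse of a user-entered amount such as "1.000000000000000001" back to
// the raw integer. Rejects anything that is not a plain decimal with at most
// 18 fractional digits, so no float intermediate is ever involved.
function fromEgldSafe(text) {
  const m = /^(\d+)(?:\.(\d{1,18}))?$/.exec(text);
  if (!m) throw new Error(`invalid amount: ${text}`);
  const [, whole, frac = ""] = m;
  return BigInt(whole) * 10n ** DENOMINATION + BigInt(frac.padEnd(18, "0"));
}

// Constructed sample input: 1 EGLD plus one smallest unit (1e18 + 1).
const SAMPLE_RAW = "1000000000000000001";
const SAMPLE_ROUND = "1000000000000000000";
```

With the sample above, `toEgldUnsafe(SAMPLE_RAW)` and `toEgldUnsafe(SAMPLE_ROUND)` both evaluate to `1`, so a confirmation screen built on `Number` would show the same amount for two different transactions. The `BigInt` path preserves the trailing unit and round-trips through `fromEgldSafe` exactly.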
Appendix 1. Severity Definitions
Severity | Description |
---|---|
Critical | These issues present a major security vulnerability that poses a severe risk to the system. They require immediate attention and must be resolved to prevent a potential security breach or other significant harm. |
High | These issues present a significant risk to the system, but may not require immediate attention. They should be addressed in a timely manner to reduce the risk of the potential security breach. |
Medium | These issues present a moderate risk to the system and cannot have a great impact on its function. They should be addressed in a reasonable time frame, but may not require immediate attention. |
Low | These issues present no risk to the system and typically relate to the code quality problems or general recommendations. They do not require immediate attention and should be viewed as a minor recommendation. |
Appendix 2. Scope
The scope of the project includes the provided repository:
Scope Details | |
---|---|
Repository | https://github.com/multiversx/mx-metamask-snaps |
Commit | 992c22e |
Npm Package | https://www.npmjs.com/package/@multiversx/metamask-snap |
Requirements | Technical Requirements |