Polymesh

We express our gratitude to the Polymesh team for the collaborative engagement that enabled the execution of this Blockchain Protocol Security Assessment.

Polymesh is a Layer 1 blockchain specifically designed for security tokens, emphasizing compliance within regulated markets. It facilitates the issuance, transfer, and management of security tokens while ensuring adherence to regulatory standards.

Key features include identity verification mechanisms, governance frameworks, and compliance tools that enhance liquidity and create new funding opportunities for organizations. By prioritizing regulatory compliance and security, Polymesh aims to revolutionize the landscape of asset tokenization.

The system users should acknowledge all the risks summed up in the risks section of the report

Documentation quality

• The protocol documentation is readily accessible on the official Polymesh website.

• The README file provides comprehensive documentation on the build and testing processes.

• The documentation within the codebase is sufficient, offering a solid understanding of the implemented functionalities.

• Both the in-code documentation and the website require updates to align with the latest changes.

Code quality

• The codebase adheres to the highest standards of quality in Rust programming.

• The Substrate code consistently maintains a superior level of quality.

• Benchmarking and weight management are effectively implemented; however, several pitfalls were identified during the audit process.

• Test coverage is recognized as an area requiring improvement.

• The codebase contains unresolved TODO comments, highlighting aspects that necessitate further attention.

Architecture quality

• Polymesh utilizes the mature and widely adopted Substrate framework as the foundational infrastructure for its blockchain.

• The codebase exhibits modularity by effectively organizing functionalities into Substrate pallets.

• Interactions between pallets are concise and thoughtfully designed.

• This modular approach facilitates the safe and efficient implementation of future features.

Polymesh is a Layer 1 blockchain built on the Substrate framework, specifically designed for the issuance and management of security tokens. It integrates various components to achieve its objectives while retaining critical functionalities from the Substrate framework, particularly concerning regulatory compliance requirements like Know Your Customer (KYC) and Customer Due Diligence (CDD).

The audit focused on the changes implemented between Polymesh version 6 and version 7. Key modifications include:

• Asset Management Enhancement: Assets are now distinguished by unique identifiers, replacing the previous reliance on Ticker, thereby improving asset management efficiency.

• Staking Mechanism Updates: The staking system has been updated to align more closely with the latest Substrate Staking Pallet, enhancing its functionality while preserving essential features unique to Polymesh, such as Customer Due Diligence (CDD).

• Multi-Signature Proposal Management Enhancements: Adjustments have been implemented to enhance the management of MultiSignature accounts, including improvements to proposal processes and the streamlining of identity and key-related operations.

• Support for Mediators in Settlement Processes: An external party can now be included in the instruction, with their affirmation required for approval.

The scope of the project includes the following components from the provided repository:

Components in Scope

The audit encompasses the entire Polymesh → repository, with a particular emphasis on analyzing the modifications between versions 7 and 6 of Polymesh.

Assets in Scope