Audit name:
[SCA] LaChain | Bridge | Oct2023
Date:
Oct 17, 2023
Table of Content
Introduction
We express our gratitude to the Ripio team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.
LaChain is a bridge protocol that provides a modular multi-directional blockchain bridge to allow data and value transfer between any number of blockchains.
| title | content |
|---|---|
| Platform | Polygon, Others |
| Language | Solidity |
| Tags | Bridge |
| Timeline | 11/09/2023 - 16/10/2023 |
| Methodology | https://hackenio.cc/sc_methodology→ |
Audit Summary
10/10
94.25%
10/10
10/10
The system users should acknowledge all the risks summed up in the risks section of the report
Document Information
This report may contain confidential information about IT systems and the intellectual property of the Customer, as well as information about potential vulnerabilities and methods of their exploitation.
The report can be disclosed publicly after prior consent by another Party. Any subsequent publication of this report shall be without mandatory consent.
Document | |
|---|---|
| Name | Smart Contract Code Review and Security Analysis Report for Ripio |
| Audited By | Hacken |
| Changelog | 18/09/2023 – Initial Review |
| 16/10/2023 - Second Review |
Document
- Name
- Smart Contract Code Review and Security Analysis Report for Ripio
- Audited By
- Hacken
- Changelog
- 18/09/2023 – Initial Review
- 16/10/2023 - Second Review
System Overview
LaChain is a bridge protocol that provides a modular multi-directional blockchain bridge to allow data and value transfer between any number of blockchains.
For this purpose, the ChainBridge is used. ChainBridge is an extensible cross-chain communication protocol. It currently supports bridging between EVM based chains.
A bridge contract on each chain forms either side of a bridge. Handler contracts allow for customizable behavior upon receiving transactions to and from the bridge. For example, locking up an asset on one side and minting a new one on the other.
In its current state, ChainBridge operates under a trusted federation model. Deposit events on one chain are detected by a trusted set of off-chain relayers who await finality, submit events to the other chain and vote on submissions to reach acceptance triggering the appropriate handler.
Chainbridge is a relayer type bridge. The role of a relayer is to vote for the execution of a request (how many tokens to burn/release, for example). It monitors events from every chain, and votes for a proposal in the Bridge contract of the destination chain when it receives a Deposit event from a chain. A relayer calls a method in the Bridge contract to execute the proposal after the required number of votes are submitted. The bridge delegates execution to the Handler contract.
Privileged roles
The owner can withdraw funds from the handler contract with the
emergencyWithdraw(),adminWithdraw()andtransferFunds()functions, it can also set variables in the Bridge.sol contract such as:fee,relayerThreshold, add and remove relayers, forwarder, deposit nonce, burnable, generic resource, resource, minimum amount to bridge, resource IDs.The relayers can vote, execute and reject a proposal in the Bridge.sol contract.
The bridge can withdraw, deposit and execute a proposal in the ERC20Handler.sol contract.
Executive Summary
Documentation quality
The total Documentation quality score is 10 out of 10.
Functional requirements are provided.
Technical description is provided.
Natspec is provided.
The development environment is described.
Code quality
The total Code quality score is 10 out of 10.
The development environment is configured.
Test coverage
Code coverage of the project is 94.25% (branch coverage).
Deployment and basic user interactions are covered with tests.
Negative cases coverage is missed.
Interactions by several users are not tested thoroughly.
Security score
Upon auditing, the code was found to contain 4 critical, 1 high, 2 medium, and 3 low severity issues. Out of these, 9 issues have been addressed and resolved, leading to a security score of 10 out of 10.
All identified issues are detailed in the “Findings” section of this report.
Summary
The comprehensive audit of the customer's smart contract yields an overall score of 9.8. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.
Risks
If the deposit is performed through WrapperLAC.wrapAndDeposit(), the sender parameter in the Deposit() event will be the WrapperLAC instead of the user.
Users bridge funds from chain A to chain B, they transfer the funds to a contract in chain A expecting to receive them on chain B, but there is no way of knowing if chain B has enough funds, in this case the user would pay on chain A and not receive anything on chain B, relayers or the admin would need to manually unlock the funds.
The protocol relays on relayer to work properly, if one gets compromised, the bridge could get Denial of Service attacked, if enough relayers get compromised the bridge could be drained.
The contracts are upgradeable, the audit remains valid only if the code being audited is the one getting deployed on chain and does not get upgraded.
There are external calls to contracts that are not in the scope, this external interactions could create problems that are not verifiable in the scope of the audit.
The fee can be changed by the owner at any time and has no limit on the amount that can be extracted from the transaction.
Findings
Code ― | Title | Status | Severity | |
|---|---|---|---|---|
| F-2023-147 | Unvalidated Deposit Amount | fixed | Critical | |
| F-2023-147 | Unverifiable Logic in ERC20HandlerHelpers and WrapperLAC | fixed | Critical | |
| F-2023-147 | Proposals Mapping Key Collision | fixed | Critical | |
| F-2023-1476 | Highly Permissive Role Access in adminWithdraw and emergencyWithdraw | mitigated | Critical | |
| F-2023-148 | Any Realyer Could Cancel a Proposal | fixed | High | |
| F-2023-148 | Missing Validations in the Fee Variable | fixed | Medium | |
| F-2023-1481 | Missing Validations in the Bridge Initializer | fixed | Medium | |
| F-2023-148 | Initializers Not Disabled on the Implementation Contract | fixed | Low | |
| F-2023-148 | Missing Error Parameter | fixed | Low | |
| F-2023-1483 | Redundant Storage Read | fixed | Low |
Appendix 1. Severity Definitions
When auditing smart contracts, Hacken is using a risk-based approach that considers Likelihood, Impact, Exploitability and Complexity metrics to evaluate findings and score severities.
Reference on how risk scoring is done is available through the repository in our Github organization:
Severity | Description |
|---|---|
Critical | Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation. |
High | High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation. |
Medium | Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category. |
Low | Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score. |
Severity
- Critical
Description
- Critical vulnerabilities are usually straightforward to exploit and can lead to the loss of user funds or contract state manipulation.
Severity
- High
Description
- High vulnerabilities are usually harder to exploit, requiring specific conditions, or have a more limited scope, but can still lead to the loss of user funds or contract state manipulation.
Severity
- Medium
Description
- Medium vulnerabilities are usually limited to state manipulations and, in most cases, cannot lead to asset loss. Contradictions and requirements violations. Major deviations from best practices are also in this category.
Severity
- Low
Description
- Major deviations from best practices or major Gas inefficiency. These issues will not have a significant impact on code execution, do not affect security score but can affect code quality score.
Appendix 2. Scope
The scope of the project includes the following smart contracts from the provided repository:
Scope Details | |
|---|---|
| Whitepaper | Not provided |
| Requirements | Provided |
| Technical Requirements | Provided |
Scope Details
- Whitepaper
- Not provided
- Requirements
- Provided
- Technical Requirements
- Provided