POA Forum

Quantstamp Security audit for TokenBridge contracts completed

In December we updated the xDai bridge to support deposits in both Sai/SCD and Dai/MCD tokens. Prior to the contracts update we engaged with the Quantstamp team to conduct a comprehensive security audit on the new contract versions. The audit results are now finalized - a link is located at the end of this post.

The security audit was performed on the code base containing new features introduced since the last audit (release 2.4.0 in August 2019). These new features, introduced across several releases, include:

  • Arbitrary Message Bridge (AMB)
  • ERC677-to-ERC677 bridge on top of AMB
  • Alternative Receiver
  • Different token decimals
  • Support for two tokens, Sai/SCD and Dai/MCD

In total, the auditors found 15 issues, including 3 issues marked as “High Risk”. The TokenBridge team addressed all issues:

  • High Risk issues: 3 of 3 resolved
  • Low Risk issues: 2 of 4 resolved (2 acknowledged with comments)
  • Informational Risk issues: 4 of 5 resolved (1 acknowledged with comment)
  • Undetermined Risk issues: 3 of 3 resolved.

The latest version of the contracts including these fixes is version 3.3.0. We would like to thank the Quantstamp team for their quick and meticulous work!

✅ The detailed security audit report is available in the TokenBridge monorepo
