We were tasked with performing an audit of Beehive's codebase and in particular their full Rain protocol implementation.
The protocol consists of multiple components ranging from a novel superficial on-chain VM taking advantage of SSTORE2 operations and view function execution costs to a large contract suite of supportive contracts for facilitating a fund raise, verifiable identities and more.
Over the course of the audit, we identified a major vulnerability in the Rain virtual machine, in particular in its implementation of the exponentiation operation, in addition to certain vulnerabilities and potential attack scenarios that we have extensively outlined in their respective finding pages.
We advise the Rain protocol team to consider all vulnerabilities identified, provide remediations for them and to additionally consider all style and gas optimizations that we have advised to ensure the codebase retains the high level it already attains.
Post-Audit Conclusion
The Rain Protocol team assimilated all exhibits outlined in the report to the codebase, provided adequate documentation and material to refute some of the issues, and indicated future plans meant for acknowledged exhibits that will be fixed in an upcoming update.
Additionally, all of our gas optimization and code style findings were integrated in the codebase where deemed sensible.
The code can be considered of very high quality and conforming to a rigorous security standard.
During the audit, we filtered and validated a total of 7 findings utilizing static analysis tools and identified a total of 48 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
Total Issues
Major: 1
Medium: 6
Minor: 17
Informational: 31
The list below covers each segment of the audit in depth and links to the respective chapter of the report: