Omniscia Hot Cross Audit

Cross Pool Security Audit

We were tasked with auditing the Cross Pool codebase of Hot Cross, a staking token implementation designed to be configurable and upgradeable through the proxy pattern.

The codebase conforms to the canonical Ethereum style guide whilst introducing its own conventions, rendering it highly legible. For upgradeability, the OpenZeppelin @openzeppelin/contracts-upgradeable package is utilized.

Overall, no vulnerabilities were identified that relate directly to the project's design; however, certain issues were identified that we advise be remediated. These mostly concern guarding against misconfiguration of the system as well as standard-specific nitpicks such as handling the return value of ERC-20 transfers.
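To illustrate the ERC-20 return-value point above, the following is an added example written for this page; it is not code from the Cross Pool codebase. The contract names UnsafeStake and SafeStake, the staked mapping and the stake/unstake functions are hypothetical, and the import paths assume the 4.x line of @openzeppelin/contracts-upgradeable, which the audited project uses for its upgradeable contracts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not project code. Import paths assume OpenZeppelin
// contracts-upgradeable 4.x.
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol";

/// Unsafe pattern: the bool returned by transferFrom is discarded.
/// Tokens that signal failure by returning false instead of reverting
/// (an accepted behaviour under ERC-20) would leave the caller credited
/// with a stake that the contract never received.
contract UnsafeStake is Initializable {
    IERC20Upgradeable public token;
    mapping(address => uint256) public staked;

    // Upgradeable contracts use an initializer instead of a constructor.
    function initialize(IERC20Upgradeable _token) external initializer {
        token = _token;
    }

    function stake(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount); // return value ignored
        staked[msg.sender] += amount;
    }
}

/// Hardened pattern: SafeERC20 wraps each call and reverts if the call
/// fails, if it returns false, or if the token address holds no code.
/// Accounting is updated only after the transfer is known to have succeeded,
/// and effects precede the outgoing interaction in unstake().
contract SafeStake is Initializable {
    using SafeERC20Upgradeable for IERC20Upgradeable;

    IERC20Upgradeable public token;
    mapping(address => uint256) public staked;

    function initialize(IERC20Upgradeable _token) external initializer {
        token = _token;
    }

    function stake(uint256 amount) external {
        token.safeTransferFrom(msg.sender, address(this), amount);
        staked[msg.sender] += amount;
    }

    function unstake(uint256 amount) external {
        require(staked[msg.sender] >= amount, "insufficient stake");
        staked[msg.sender] -= amount;            // effects before interaction
        token.safeTransfer(msg.sender, amount);
    }
}
```

SafeERC20 resolves the return-value issue only; it does not help with tokens that deduct a fee on transfer, for which the contract would additionally need to credit the measured balance delta rather than the requested amount.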

During the audit, we filtered and validated a total of 2 findings utilizing static analysis tools and identified a total of 10 findings during the manual review of the codebase. We strongly recommend that all findings of minor severity or higher be dealt with promptly prior to the project's launch, as they can lead to misbehaviour of the system as well as exploitation.

The list below covers each segment of the audit in depth and links to the respective chapter of the report: