BabelFish Protocol Phase Security Audit

We were tasked with auditing the BabelFish phase 1 implementation by Sovryn.

In this initial phase, the contract system is simply meant to act as a conversion gateway between two types of assets and is able to also interface with the bridge implementation of Sovryn.

We were able to pinpoint certain minor issues in the codebase mostly relating to its configuration as well as conformity with best security practices although no actively exploitable attack vector was identified.

We should note that the Masset implementation is meant to reflect an upgrade-able contract system and as such, we strongly recommend its storage to be declared in a separate IMasset implementation that also contains the necessary function signatures all implementations are meant to conform to to avoid any upgrade-related issues from arising in the future.

During the audit, we filtered and validated a total of 3 findings utilizing static analysis tools as well as identified a total of 12 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

• 💻 Compilation
• 🔍 Static Analysis
• 👁️ Manual Review
• 🖋️ Code Style