Omniscia Sovryn Audit

Bridge V Implementation Security Audit

We were tasked with auditing the V4 upgrade of the Sovryn Bridge implementation.

Over the course of the audit we were able to pinpoint certain medium vulnerabilities that stem from outdated code, incorrect validation and improper state transitions of the overall system.

Additionally, we identified optimizations that can be applied across the codebase as well as certain minor discrepancies that we advise be dealt with to ensure the codebase becomes of a high standard.

Files in Scope	Repository	Commit(s)
AllowTokens.sol (ATS)	Bridge-SC	b1164236aa, 37219231e6
Bridge.sol (BRI)	Bridge-SC	b1164236aa, 37219231e6
Federation.sol (FED)	Bridge-SC	b1164236aa, 37219231e6
IErc777Receiver.sol (IER)	Bridge-SC	b1164236aa, 37219231e6
MultiSigWallet.sol (MSW)	Bridge-SC	b1164236aa, 37219231e6
SideToken.sol (STN)	Bridge-SC	b1164236aa, 37219231e6
SideTokenFactory.sol (STF)	Bridge-SC	b1164236aa, 37219231e6
Utils.sol (UTI)	Bridge-SC	b1164236aa, 37219231e6
erc777Converter.sol (ERC)	Bridge-SC	b1164236aa, 37219231e6

During the audit, we filtered and validated a total of 5 findings utilizing static analysis tools as well as identified a total of 20 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

Bridge V Implementation Security Audit

Compilation