{"componentChunkName":"component---node-modules-rocketseat-gatsby-theme-docs-core-src-templates-docs-query-js","path":"/manual-review","result":{"data":{"mdx":{"id":"e2f8d8d6-d8ef-59c9-b1d4-c2766fc134fe","excerpt":"A  thorough line-by-line review  was conducted on the codebase to identify potential malfunctions and vulnerabilities in the cross-chain synthetic asset bridge…","fields":{"slug":"/manual-review/"},"frontmatter":{"title":"Manual Review","description":"Briefly describes the output of the manual review of the project.","image":null,"disableTableOfContents":null},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Manual Review\",\n  \"description\": \"Briefly describes the output of the manual review of the project.\"\n};\nvar layoutProps = {\n  _frontmatter: 
_frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"A \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"thorough line-by-line review\"), \" was conducted on the codebase to identify potential malfunctions and vulnerabilities in the cross-chain synthetic asset bridge.\"), mdx(\"p\", null, \"As the project implements a cross-chain aware bridge, particular care was taken to ensure that the \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"flow of funds within the system conforms to the specifications and restrictions\"), \" set forth in the protocol's specification and that \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"all features exposed by it are blockchain-aware\"), \".\"), mdx(\"p\", null, \"We validated that \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"all state transitions of the system occur within sane criteria\"), \" and that all rudimentary formulas within the system execute as expected. We \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"identified two vulnerabilities relating to access control\"), \" within the system that could have had \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"severe ramifications\"), \" for its overall operation; however, they were conveyed ahead of time to the Symbiosis Finance team to be \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"promptly remediated\"), \".\"), mdx(\"p\", null, \"Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://eips.ethereum.org/\"\n  }, \"ERC / EIP\"), \" standard inconsistencies. 
The documentation of the project was satisfactory to a certain extent; however, we strongly recommend that it be expanded at certain complex points, such as the function encoding for cross-chain interaction, as those interfaces could not be validated by the codebase alone.\"), mdx(\"p\", null, \"A total of \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"28 findings\"), \" were identified over the course of the manual review, of which \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"17 findings\"), \" concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"/symbiosis-finance-router-bridge/code-style\"\n  }, \"Code Style\"), \" chapter.\"), mdx(\"p\", null, \"The finding table below enumerates all these security / behavioural findings:\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"ID\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Severity\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Addressed\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Title\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/BridgeV2-BV2#BV2-01M\"\n  }, \"BV2-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-medium\",\n    \"src\": \"https://omniscia.io/report-assets/medium.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n   
 \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Sanitization of Commissions\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/MetaRouterV2-MRV#MRV-01M\"\n  }, \"MRV-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-medium\",\n    \"src\": \"https://omniscia.io/report-assets/medium.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Validation of Calldata Slots\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/MetaRouterV2-MRV#MRV-02M\"\n  }, \"MRV-02M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-no\",\n    \"src\": \"https://omniscia.io/report-assets/no.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Arbitrary Approvals\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": 
\"/symbiosis-finance-router-bridge/manual-review/MetaRouterV2-MRV#MRV-03M\"\n  }, \"MRV-03M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-no\",\n    \"src\": \"https://omniscia.io/report-assets/no.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Ill-Advised Allowance Pattern\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/MetaRouterV2-MRV#MRV-04M\"\n  }, \"MRV-04M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Improper \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"receive\"), \" Function\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Portal-POR#POR-01M\"\n  }, \"POR-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-major\",\n    \"src\": \"https://omniscia.io/report-assets/major.png\"\n  })), mdx(\"td\", {\n    parentName: 
\"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Access Control for Reverts\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Portal-POR#POR-02M\"\n  }, \"POR-02M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Improper \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"receive\"), \" Function\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Portal-POR#POR-03M\"\n  }, \"POR-03M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Potential of Repeat Invocation\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", 
{\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/SyntERC20-SER#SER-01M\"\n  }, \"SER-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-no\",\n    \"src\": \"https://omniscia.io/report-assets/no.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Arbitrary Burn Operations\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Synthesis-SYN#SYN-01M\"\n  }, \"SYN-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-major\",\n    \"src\": \"https://omniscia.io/report-assets/major.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Access Control for Reverts\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Synthesis-SYN#SYN-02M\"\n  }, \"SYN-02M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": 
\"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Improper Reversion of Burn\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Synthesis-SYN#SYN-03M\"\n  }, \"SYN-03M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inconsistent Event Amount\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Synthesis-SYN#SYN-04M\"\n  }, \"SYN-04M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Validation of Token Existence\")), mdx(\"tr\", {\n    parentName: 
\"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Synthesis-SYN#SYN-05M\"\n  }, \"SYN-05M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Potential of Repeat Invocation\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Wrapper-WRA#WRA-01M\"\n  }, \"WRA-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-no\",\n    \"src\": \"https://omniscia.io/report-assets/no.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Deprecated Native Asset Transfer\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Wrapper-WRA#WRA-02M\"\n  }, \"WRA-02M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": 
\"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-no\",\n    \"src\": \"https://omniscia.io/report-assets/no.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Improper \", mdx(\"inlineCode\", {\n    parentName: \"td\"\n  }, \"receive\"), \" Function\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/symbiosis-finance-router-bridge/manual-review/Wrapper-WRA#WRA-03M\"\n  }, \"WRA-03M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-no\",\n    \"src\": \"https://omniscia.io/report-assets/no.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Validation of Amounts\")))));\n}\n;\nMDXContent.isMDXComponent = true;","headings":[]}},"pageContext":{"slug":"/manual-review/","prev":{"label":"Static Analysis","link":"/static-analysis"},"next":{"label":"Code Style","link":"/code-style"}}},"staticQueryHashes":["1954253342","2328931024","2501019404","973074209"]}