We’re pleased to announce the completion of an audit by Least Authority. Sygma enlisted the help of Least Authority to investigate and review the Sygma protocol, followed by issue reporting and mitigation processes.
The audit in brief
Sygma comprises a network of validators that run the relayer implementation and smart contracts on the source and destination chains. In the current implementation, Sygma includes Ethereum and Substrate smart contract suites to facilitate interoperability between the Ethereum and Substrate ecosystems.
In scope for this audit were Sygma’s Solidity, relayer, and Substrate repositories. More specifically, the audit focused on checking fundamentals like:
- The correctness of the implementation
- Adversarial actions and other potential attacks on the bridge
- Vulnerabilities in the code and whether certain interactions are secure
- Data privacy, data leaking, and information integrity
- Proper management of encryption and signing keys, etc.
Auditors reviewed Sygma’s design and implementation, investigating the areas listed above to identify potential vulnerabilities — and we’re happy to report that this process did not turn up any critical issues.
During the review process, auditors checked the workflow of the relayer, including listening for and parsing chain events, creating and signing transactions, and performing smart contract function calls. No vulnerabilities or openings for state corruption attacks in the relayer were found.
Auditors noted that functionality passing data between the relayer code and the TSS lib endpoint is relatively complex due to the concurrent implementation. But again, they could not find issues capable of compromising the protocol.
Least Authority also investigated issues related to malformed inputs to the Solidity smart contracts and found that functions either perform sufficient input sanitization or are only accessible to explicitly permissioned addresses. And finally, when examining Sygma’s Substrate pallets, auditors did not identify significant security vulnerabilities.
We’re dedicated to ensuring that the Sygma codebase is secure. Completing our second audit was an important box to tick as we prepare to launch on mainnet, and we’re grateful for the comprehensive work by Least Authority. All the issues brought to light during this process have been resolved by our team. The full audit report can be found here.
Applications for the Sygma Builders Program are open
We’ve initiated a builder program to provide technical support and monetary incentives for interested builders. Full details can be found 👉here.