In February 2021, Incognito engaged Coinspect to perform a source code review of the smart contracts that comprise the Incognito-Ethereum bridge. The goal of the project was to evaluate the security of the smart contracts. The reviewed Solidity code is well written and clear. Some comments, however, have become outdated and should be corrected. The repository includes tests. Nevertheless, it is recommended to generate coverage reports (for example with the solidity-coverage tool), add the tests needed to achieve full coverage, and confirm that new tests are added during development so that full coverage is maintained.
The 3 medium-risk issues identified by Coinspect include partially arbitrary calls from the Vault contract controllable by users, insufficient checks when swapping committees in the IncognitoProxy contract, and a race condition that can be triggered when swapping committees. The other 8 findings are low-risk, but some of them could potentially have a high impact if exploited, and fixing them should be prioritized (see the impact field in the issues in section 6).
It is important to mention that the contracts are upgradeable; this means that they are not truly autonomous and the Incognito organization has full power over the contracts and the deposited funds. Upgradeability allows the organization to fix bugs and potentially mitigate ongoing attacks by pausing a contract, but at the same time it also poses a risk. Special care should be taken with the admin keys that grant access to this functionality; it is also recommended to consider renouncing admin access in the future to make the contracts fully autonomous, or to consider options for decentralized governance.
The off-chain components were out of scope for this assessment, and it is recommended to audit them in the future.
We invite you to download and read the detailed report below.