Bot Ocean - Smart Contract Audit Report


Bot Ocean Bridge Audit Report Bot Ocean is building a platform with signals, portfolio tracking, bots marketplace, and a strategy builder within a single interface.

For this audit, we reviewed the project's bridge logic using code provided to us by the team; which includes bridge contracts for both the BSC and ETH networks. Please note we have not reviewed the off-chain logic related to the bridge.

Notes on the Contracts:
  • The team has developed a cross-chain bridge which will allow users to deposits their native Bot Ocean tokens across the ETH or BSC blockchain.
  • The contracts on each chain serve as the on and off ramp for each chain.
  • Users can send their tokens to the bridge contract on the ETH chain to make those tokens available on the BSC chain.
  • Upon bridging their tokens, the team's off-chain logic will provide the user with a series of data which can be used with withdraw their tokens on the other chain.
  • Users will need some BNB in order to claim their tokens on the BSC chain, and some ETH to claim on the Ethereum chain.
  • The bridge contract on the BSC chain is also the token contract, so when tokens are claimed, they are minted to the user.
  • There are no fees charged by the team for using the contract.
  • The chainName variable can be set constant in both contracts to save gas on deployment.
  • Some functions can be declared external instead of public to save on gas.
  • Utilization of SafeMath to prevent overflows.
  • We advise using Solidity 0.7.6 rather than 0.7.3.

  • Audit Findings Summary:
    • No security issues were identified.
    • Users must trust the team as they will operate off-chain logic to power the bridge used for cross-chain transfers.
    • Date: May 5th, 2021

    Combined External Threat Results

    Vulnerability CategoryNotesResult
    Arbitrary Storage WriteN/APASS
    Arbitrary JumpN/APASS
    Delegate Call to Untrusted ContractN/APASS
    Dependence on Predictable VariablesN/APASS
    Deprecated OpcodesN/APASS
    Ether ThiefN/APASS
    External CallsN/APASS
    Integer Over/UnderflowN/APASS
    Multiple SendsN/APASS
    State Change External CallsN/APASS
    Unchecked RetvalN/APASS
    User Supplied AssertionN/APASS
    Critical Solidity CompilerN/APASS
    Overall Contract Safety PASS

    Inheritence Chart

    Smart Contract Inheritance

    Function Graph

    Smart Contract Graph

    Functions Overview

     ($) = payable function
     # = non-constant function
     Int = Internal
     Ext = External
     Pub = Public
     +  Context
        - [Int] _msgSender
        - [Int] _msgData
     + [Int] IBridgeV1
        - [Ext] SwapOut #
        - [Ext] SwapIn #
     +  Ownable (Context)
        - [Pub]  #
        - [Pub] owner
        - [Pub] renounceOwnership #
           - modifiers: onlyOwner
        - [Pub] transferOwnership #
           - modifiers: onlyOwner
     + [Int] IERC20
        - [Ext] totalSupply
        - [Ext] balanceOf
        - [Ext] transfer #
        - [Ext] allowance
        - [Ext] approve #
        - [Ext] transferFrom #
     + [Lib] SafeMath
        - [Int] tryAdd
        - [Int] trySub
        - [Int] tryMul
        - [Int] tryDiv
        - [Int] tryMod
        - [Int] add
        - [Int] sub
        - [Int] mul
        - [Int] div
        - [Int] mod
        - [Int] sub
        - [Int] div
        - [Int] mod
     +  Bridge (IBridgeV1, Ownable)
        - [Pub]  #
        - [Ext] SwapOut #
        - [Ext] SwapIn #
           - modifiers: onlyOwner
        - [Pub] withdraw #
           - modifiers: onlyOwner
        - [Pub] updateFee #
           - modifiers: onlyOwner