CryptoCart Bridge - Smart Contract Audit Report
Summary
The CryptoCart Team has developed a cross-chain bridge which will allow their users to deposit their native CryptoCart tokens across the ETH, Binance, or Polygon blockchains.
For this audit we reviewed the project's various bridge contracts: maticBridge, bnbBridge, ethBridge, on their respective blockchains for the Polygon, BSC, and ETH networks. We previously reviewed the project team's Token Contract here. The addresses for each contract reviewed are found below:
Notes on the Contracts:
- The CryptoCart Bridge contracts on each chain serve as the on- and off-ramp for the various chains. For example, users can send their tokens to the bridge contract on the Ethereum Blockchain to make those tokens available on the Binance or Polygon Blockchains.
- In order to claim their tokens on one of the desired blockchains, users will need to have currency that is native to the chain on which they are claiming tokens (ETH for Ethereum, BNB for Binance, MATIC for Polygon).
- The code for each bridge contract is identical, so the same logic applies for each.
- The contract utilizes multi-owner logic to extend ownership privileges to multiple addresses to manage the contract and various functionality.
- There is a commission fee that is charged (in ETH/BNB/MATIC) for using the bridge. The commission is distributed across the owners.
- Any owner has the ability to write a transaction which will specify an amount of $CC Tokens that a given address can receive when they claim.
- Any owner has the ability to withdraw $CC tokens from the contract and transfer them to an address that they specify.
- Any owner has the ability to withdraw ETH/BNB/MATIC from the contract and transfer it to an address that they specify.
- Some functions can be declared external instead of public to save on gas.
- The contracts utilize SafeMath to prevent issues related to overflows/underflows.
Audit Findings Summary:
- No issues from external attackers were identified.
- Ensure trust in the team as they have the ability to withdraw any $CC and ETH/BNB/MATIC from each of the bridge contract balances.
- Further, ensure trust in the team as they will operate the off-chain logic that powers the bridge used for cross-chain transfers.
- Date: October 17th, 2021
Combined External Threat Results
Vulnerability Category | Notes | Result |
---|---|---|
Arbitrary Storage Write | N/A | PASS |
Arbitrary Jump | N/A | PASS |
Delegate Call to Untrusted Contract | N/A | PASS |
Dependence on Predictable Variables | N/A | PASS |
Deprecated Opcodes | N/A | PASS |
Ether Thief | N/A | PASS |
Exceptions | N/A | PASS |
External Calls | N/A | PASS |
Integer Over/Underflow | N/A | PASS |
Multiple Sends | N/A | PASS |
Suicide | N/A | PASS |
State Change External Calls | N/A | PASS |
Unchecked Retval | N/A | PASS |
User Supplied Assertion | N/A | PASS |
Critical Solidity Compiler | N/A | PASS |
Overall Contract Safety | | PASS |
Details: ethBridge Contract
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Multiownable
- [Pub] isOwner
- [Pub] ownersCount
- [Pub] allOperationsCount
- [Pub] #
- [Int] checkHowManyOwners #
- [Int] deleteOperation #
- [Pub] cancelPending #
- modifiers: onlyAnyOwner
- [Pub] transferOwnership #
- [Pub] transferOwnershipWithHowMany #
- modifiers: onlyManyOwners
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ CryptoCart (ERC20)
- [Pub] #
- modifiers: ERC20
- [Pub] burn #
+ ethBridge (Multiownable)
- [Pub] #
- [Pub] sendTokens #
- [Pub] writeTransaction #
- modifiers: onlyAllOwners
- [Pub] recieveTokens ($)
- [Pub] withdrawTokens #
- modifiers: onlyAllOwners
- [Pub] withdrawEther #
- modifiers: onlyAllOwners
Details: bnbBridge Contract
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Multiownable
- [Pub] isOwner
- [Pub] ownersCount
- [Pub] allOperationsCount
- [Pub] #
- [Int] checkHowManyOwners #
- [Int] deleteOperation #
- [Pub] cancelPending #
- modifiers: onlyAnyOwner
- [Pub] transferOwnership #
- [Pub] transferOwnershipWithHowMany #
- modifiers: onlyManyOwners
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ CryptoCart (ERC20)
- [Pub] #
- modifiers: ERC20
- [Pub] burn #
+ bnbBridge (Multiownable)
- [Pub] #
- [Pub] sendTokens #
- [Pub] writeTransaction #
- modifiers: onlyAllOwners
- [Pub] recieveTokens ($)
- [Pub] withdrawTokens #
- modifiers: onlyAllOwners
- [Pub] withdrawEther #
- modifiers: onlyAllOwners
Details: maticBridge Contract
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ Multiownable
- [Pub] isOwner
- [Pub] ownersCount
- [Pub] allOperationsCount
- [Pub] #
- [Int] checkHowManyOwners #
- [Int] deleteOperation #
- [Pub] cancelPending #
- modifiers: onlyAnyOwner
- [Pub] transferOwnership #
- [Pub] transferOwnershipWithHowMany #
- modifiers: onlyManyOwners
+ Context
- [Int] _msgSender
- [Int] _msgData
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Lib] SafeMath
- [Int] add
- [Int] sub
- [Int] sub
- [Int] mul
- [Int] div
- [Int] div
- [Int] mod
- [Int] mod
+ ERC20 (Context, IERC20)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _setupDecimals #
- [Int] _beforeTokenTransfer #
+ CryptoCart (ERC20)
- [Pub] #
- modifiers: ERC20
- [Pub] burn #
+ maticBridge (Multiownable)
- [Pub] #
- [Pub] sendTokens #
- [Pub] writeTransaction #
- modifiers: onlyAllOwners
- [Pub] recieveTokens ($)
- [Pub] withdrawTokens #
- modifiers: onlyAllOwners
- [Pub] withdrawEther #
- modifiers: onlyAllOwners
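The function overviews above can be turned into an inventory of the externally callable, state-changing functions, split by whether a modifier is listed for them, which is the surface the trust findings in this report concern. The following Python sketch is an added example, not part of the audit or the project's code; it assumes the listing format shown on this page, skips the entry whose name is missing (`[Pub] #`), and treats "open" as "no modifier listed", since checks inside a function body are not visible in this format.

```python
import re

# Constructed sample: the ethBridge entry copied from the overview above.
SAMPLE = """\
+ ethBridge (Multiownable)
- [Pub] #
- [Pub] sendTokens #
- [Pub] writeTransaction #
- modifiers: onlyAllOwners
- [Pub] recieveTokens ($)
- [Pub] withdrawTokens #
- modifiers: onlyAllOwners
- [Pub] withdrawEther #
- modifiers: onlyAllOwners
"""

CONTRACT = re.compile(r"^\+\s+(?:\[\w+\]\s+)?(\w+)")
FUNC = re.compile(r"^-\s+\[(\w+)\]\s*(\w*)\s*(#|\(\$\))?\s*$")
MODS = re.compile(r"^-\s+modifiers:\s*(.+)$")

def parse_overview(text):
    """Return {contract: [function dict, ...]} from a function overview listing."""
    contracts, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := CONTRACT.match(line):
            current = contracts.setdefault(m.group(1), [])
            last = None
        elif (m := MODS.match(line)) and last is not None:
            last["modifiers"] = [s.strip() for s in m.group(1).split(",")]
        elif (m := FUNC.match(line)) and current is not None:
            vis, name, flag = m.groups()
            last = {"name": name or "<unnamed>", "visibility": vis,
                    "mutating": flag is not None, "payable": flag == "($)",
                    "modifiers": []}
            current.append(last)
    return contracts

def callable_surface(funcs):
    """Split Pub/Ext state-changing functions into modifier-gated and open."""
    gated, open_ = [], []
    for f in funcs:
        if f["visibility"] in ("Pub", "Ext") and f["mutating"] and f["name"] != "<unnamed>":
            (gated if f["modifiers"] else open_).append(f["name"])
    return gated, open_

if __name__ == "__main__":
    gated, open_ = callable_surface(parse_overview(SAMPLE)["ethBridge"])
    print("modifier-gated:", gated, "| no modifier listed:", open_)
```

Running the same parser over the bnbBridge and maticBridge listings gives a quick check that all three bridges expose the same gated and ungated functions, as the report states the code is identical.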