Platform: Code4rena
Start Date: 12/07/2023
End Date: 21/07/2023
Period: 9 days
Status: Completed
Pot Size: $80,000 USDC
Participants: 47
Reporter: thebrittfactor
Judge: berndartmueller
Id: 260
League: ETH
immeas | 1/47 | $12,679.20 | 7 | 1 | 0 | 5 | 0 | Grade A | 0 | 0 |
nobody2018 | 2/47 | $11,945.25 | 4 | 2 | 0 | 2 | 0 | 0 | 0 | 0 |
Jeiwan | 3/47 | $9,509.32 | 6 | 1 | 0 | 3 | 0 | Grade B | 0 | Grade B |
pcarranzav | 4/47 | $5,976.24 | 4 | 0 | 0 | 3 | 0 | 0 | 0 | Grade A |
0xTheC0der | 5/47 | $4,711.20 | 1 | 0 | 0 | 1 | 1 | 0 | 0 | 0 |
nirlin | 6/47 | $2,120.04 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
Chom | 7/47 | $1,956.96 | 2 | 0 | 0 | 2 | 0 | 0 | 0 | 0 |
QiuhaoLi | 8/47 | $1,630.80 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
T1MOH | 9/47 | $1,410.12 | 3 | 0 | 0 | 2 | 0 | Grade B | 0 | 0 |
bart1e | 10/47 | $1,272.02 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
Auditor per page
Automated findings output for the audit can be found here.
Note for C4 wardens: Anything included in the automated findings output is considered a publicly known issue and is ineligible for awards.
Axelar is a decentralized interoperability network connecting all blockchains, assets and apps through a universal set of protocols and APIs. It is built on top off the Cosmos SDK. Users/Applications can use Axelar network to send tokens between any Cosmos and EVM chains. They can also send arbitrary messages between chains.
Axelar network's decentralized validators confirm events emitted on EVM chains (such as message send), and sign off on commands submitted (by automated services) to the gateway smart contracts (such as minting token, and approving message on the destination).
Axelar powered apps implement the AxelarExecutable contract which exposes an execute method that checks if the Axelar Gateway contract recorded an approval for that message. The relayer (can be anyone due to being permissionless) triggers the execute method automatically once the message has been confirmed by the Axelar network.
The scope of this audit covers the following features:
Please see design docs for specific implementation details.
npm ci npm run build npm run test REPORT_GAS=true npm run test # report gas estimates npm run coverage # open ./coverage/index.html for unit test coverage
Below is a list of all contracts and interfaces within scope for this audit.
❗️ NOTE: There is a SLOC discrepancy between the total SLOC of AxelarGateway.sol and the scope because this contract has already undergone audits in the past. Only code that has been modified, specifically the upgrade, setup, transferGovernance, transferMintLimiter, setTokenMintLimits functions and the onlyGovernance and onlyMintLimiter modifier definitions are within the scope of this audit.
| Contract | SLOC | Purpose | Libraries used |
|---|---|---|---|
| IInterchainGovernance.sol | 26 | This interface extends IAxelarExecutable to receive interchain governance proposals. | N/A |
| InterchainGovernance.sol | 96 | This contract handles cross-chain governance actions. It includes functionality to create, cancel, and execute governance proposals. | N/A |
| IAxelarServiceGovernance.sol | 14 | This interface extends IInterchainGovernance and IMultisigBase for multisig proposal actions. | N/A |
| AxelarServiceGovernance.sol | 62 | This contract is part of the Axelar Governance system, it inherits the Interchain Governance contract with added functionality to approve and execute multisig proposals. | N/A |
| IMultisigBase.sol | 17 | An interface defining the base operations for a multisignature contract. | N/A |
| MultisigBase.sol | 82 | This contract implements a custom multisignature wallet where transactions must be confirmed by a threshold of signers. The signers and threshold can be updated. | N/A |
| IMultisig.sol | 10 | This interface extends IMultisigBase by adding an execute function for multisignature transactions. | N/A |
| Multisig.sol | 15 | An extension of MultisigBase that can call functions on any contract. | N/A |
| ITimeLock.sol | 8 | Interface for a TimeLock that enables function execution after a certain time has passed. | N/A |
| TimeLock.sol | 45 | A contract that enables function execution after a certain time has passed. Implements the ITimeLock interface. | N/A |
| ICaller.sol | 5 | Interface for external contract caller.sol. | N/A |
| Caller.sol | 15 | A contract to call a target address with specified calldata and optionally send value. | N/A |
| AxelarGateway.sol | 70 | Updated implementation of AxelarGateway with governance and mint limiter integration. NOTE: only the upgrade, setup, transferGovernance/transferMintLimiter, and onlyGovernance/onlyMintLimiter functions are within scope. | N/A |
| InterchainProposalSender.sol | 54 | This contract is responsible for facilitating the execution of approved proposals across multiple chains. It achieves this by working in conjunction with the AxelarGateway and AxelarGasService contracts. This is meant to be used by on-chain DAOs to enable interchain governance of their cross-chain apps, e.g. Uniswap. | InterchainCalls |
| IInterchainProposalSender.sol | 11 | Interface for InterchainProposalSender. | N/A |
| InterchainProposalExecutor.sol | 84 | This contract is intended to be the destination contract for InterchainProposalSender contract. The proposal will be received and executed from this contract on the destination chain. | StringToAddress InterchainCalls |
| IInterchainProposalExecutor.sol | 19 | Interface for InterchainProposalExecutor. | N/A |
| InterchainCalls.sol | 14 | This library provides struct definitions for interchain calls. | N/A |
| ConstAddressDeployer.sol | 48 | This contract is responsible for deploying and initializing new contracts using CREATE2 which ensures that the deployed address is deterministic and depends on the sender address, salt, and contract bytecode. | N/A |
| Create3Deployer.sol | 26 | This contract is responsible for deploying and initializing new contracts using the CREATE3 technique which ensures that only the sender address and salt influence the deployed address, not the contract bytecode. | Create3.sol |
| Create3.sol | 32 | This file contains the CreateDeployer contract and the Create3 library to help with the implementation of Create3Deployer. | ContractAddress.sol |
| BaseProxy.sol | 31 | This abstract contract implements a basic proxy that stores an implementation address. Fallback function calls are delegated to the implementation. | N/A |
| Proxy.sol | 23 | A proxy contract that delegates calls to a designated implementation contract, useful for upgradable contracts. | N/A |
| IProxy.sol | 10 | Interface for the Proxy contract. | N/A |
| Upgradable.sol | 39 | This contract provides an interface for upgradable smart contracts and includes the functionality to perform upgrades. | N/A |
| IUpgradable.sol | 17 | Interface for the Upgradable contract. | N/A |
| InitProxy.sol | 33 | A proxy contract that can be initialized to use a specified implementation and owner. Useful in conjunction with ConstAddressDeployer based on create2, so the init args don't need to be on the constructor. | N/A |
| IInitProxy.sol | 9 | Interface for the InitProxy contract. | N/A |
| FinalProxy.sol | 39 | The FinalProxy contract is a proxy that can be upgraded to a final non-upgradable implementation that uses less gas than regular proxy calls. | N/A |
| IFinalProxy.sol | 6 | Interface for the FinalProxy contract. | N/A |
| FixedProxy.sol | 25 | The FixedProxy is a type of Proxy contract with a fixed implementation that cannot be upgraded, and uses less gas. | N/A |
| InterchainToken.sol | 50 | An example implementation of the IInterchainToken. It extends the ERC-20 standard by providing convenience methods such as interchainTransfer. | N/A |
| IInterchainToken.sol | 17 | Interface for InterchainToken. | N/A |
| InterchainTokenService.sol | 533 | ||
| This contract is responsible for facilitating interchain token transfers. It provides several features such as easy deployment of interchain tokens, express transfers, and token flow limits. | StringToBytes32 Bytes32ToString AddressBytesUtils | ||
| AddressBytesUtils.sol | 17 | This library provides utility functions to convert between address and bytes. | N/A |
| IInterchainTokenService.sol | 151 | Interface for InterchainTokenService. | N/A |
| InterchainTokenServiceProxy.sol | 13 | Proxy contract for interchain token service contracts. | N/A |
| RemoteAddressValidatorProxy.sol | 13 | Proxy contract for the RemoteAddressValidator contract. | N/A |
| StandardizedTokenProxy.sol | 15 | Proxy contract for StandardizedToken contracts. | N/A |
| IStandardizedTokenProxy.sol | 4 | Interface for StandardizedTokenProxy. | N/A |
| TokenManagerProxy.sol | 48 | This contract is a proxy for token manager contracts. | N/A |
| ITokenManagerProxy.sol | 8 | Interface for TokenManagerProxy. | N/A |
| RemoteAddressValidator.sol | 80 | Manages and validates remote addresses, keeps track of the address of the interchain token service on remote chains. For EVM chains, the address of the token service would be the same everywhere, but this doesn't hold on non-EVM chains that'll be supported in the future. | AddressToString |
| IRemoteAddressValidator.sol | 17 | Interface for RemoteAddressValidator. | N/A |
| StandardizedToken.sol | 48 | This contract implements a standardized token which extends InterchainToken functionality. | AddressBytesUtils |
| StandardizedTokenLockUnlock.sol | 7 | This contract extends StandardizedToken to use lock/unlock for interchain transfers, giving ERC-20 approval to the token manager to do so. | AddressBytesUtils |
| StandardizedTokenMintBurn.sol | 7 | This contract extends StandardizedToken to use mint/burn mechanism. | AddressBytesUtils |
| IStandardizedToken.sol | 8 | Interface for StandardizedToken. | N/A |
| TokenManager.sol | 105 | This contract is responsible for handling tokens before initiating an interchain token transfer, or after receiving one. | AddressBytesUtils |
| TokenManagerAddressStorage.sol | 18 | This contract extends the TokenManager contract and provides additional functionality to store and retrieve the token address using a predetermined storage slot. | AddressBytesUtils |
| TokenManagerLockUnlock.sol | 26 | This contract is an implementation of TokenManager that locks and unlocks a specific token on behalf of the interchain token service. | AddressBytesUtils |
| TokenManagerMintBurn.sol | 25 | This contract is an implementation of TokenManager that mints and burns a specific token on behalf of the interchain token service. | AddressBytesUtils |
| TokenManagerLiquidityPool.sol | 42 | This contract is a an implementation of TokenManager that stores all tokens in a separate liquity pool rather than within itself. | AddressBytesUtils |
| ITokenManager.sol | 35 | Interface for TokenManager. | N/A |
| ITokenManagerType.sol | 8 | Interface for different Token Manager types. | N/A |
| Distributable.sol | 23 | A contract module which provides a basic access control mechanism, where there is an account (a distributor) that can be granted exclusive access to specific functions. | N/A |
| IDistributable.sol | 7 | Interface for Distributable. | N/A |
| ExpressCallHandler.sol | 172 | Integrates the interchain token service with the GMP express service by providing methods to handle express calls for token transfers and token transfers with contract calls between chains. | N/A |
| IExpressCallHandler.sol | 54 | Interface for ExpressCallHandler. | N/A |
| FlowLimit.sol | 72 | Implements flow limit logic for interchain token transfers. The deployer/owner of the token can optionally set a flow limit which limits the net out flow - in flow volume for interchain transfers of a token. This acts as a security measure to minimize damage of exploits. | N/A |
| IFlowLimit.sol | 8 | Interface for FlowLimit. | N/A |
| Implementation.sol | 13 | This contract serves as a base for other contracts and enforces a proxy-first access restriction. | N/A |
| IImplementation.sol | 4 | Interface for Implementation. | N/A |
| Multicall.sol | 15 | This contract is a multi-functional smart contract which allows for multiple contract calls in a single transaction. See this for example usage. | N/A |
| IMulticall.sol | 4 | Interface for Multicall. | N/A |
| Operatable.sol | 23 | A contract module which provides a basic access control mechanism, where there is an account (an operator) that can be granted exclusive access to specific functions, such as setting flow limits. For the interchain token service itself, this is the axelar service governance contract. | N/A |
| IOperatable.sol | 7 | Interface for Operatable. | N/A |
| Pausable.sol | 20 | This contract provides a mechanism to halt the execution of specific functions on the interchain token service if a paused by the governance operator. | N/A |
| IPausable.sol | 6 | Interface for Pausable. | N/A |
| StandardizedTokenDeployer.sol | 39 | This contract is used to deploy new instances of the StandardizedTokenProxy contract. | N/A |
| IStandardizedTokenDeployer.sol | 17 | Interface for StandardizedTokenDeployer. | N/A |
| TokenManagerDeployer.sol | 21 | This contract is used to deploy new instances of the TokenManagerProxy contract. | N/A |
| ITokenManagerDeployer.sol | 12 | Interface for TokenManagerDeployer. | N/A |
All contracts and interfaces not explicitly mentioned above.
Network resources: https://docs.axelar.dev/resources
Deployed contracts: https://docs.axelar.dev/resources/mainnet
General Message Passing Usage: https://docs.axelar.dev/dev/gmp
Example cross-chain token swap app: https://app.squidrouter.com
- If you have a public code repo, please share it here: - https://github.com/axelarnetwork/axelar-cgp-solidity - https://github.com/axelarnetwork/axelar-gmp-sdk-solidity - https://github.com/axelarnetwork/interchain-governance-executor - https://github.com/axelarnetwork/interchain-token-service - How many contracts are in scope?: 44 - Total SLoC for these contracts?: 3257 - How many external imports are there?: 1 - How many separate interfaces and struct definitions are there for the contracts within scope?: 29 - Does most of your code generally use composition or inheritance?: Inheritance - How many external calls?: 0 - What is the overall line coverage percentage provided by your tests?: 95 - Is there a need to understand a separate part of the codebase / get context in order to audit this part of the protocol?: False - Please describe required context: N/A - Does it use an oracle?: No - Does the token conform to the ERC20 standard?: True - Are there any novel or unique curve logic or mathematical models?: N/A - Does it use a timelock function?: True - Is it an NFT?: False - Does it have an AMM?: False - Is it a fork of a popular project?: False - Does it use rollups?: False - Is it multi-chain?: True - Does it use a side-chain?: False - Is this an upgrade of an existing system? False - Describe any specific areas you would like addressed.: Verify correctness of different token deployment types, and cross-chain transfers. Try to break authentication, token bridging invariants, and governance timelock mechanism