Allbridge's maintainers, with support from Stellar Development Foundation, engaged with Quarkslab to perform an audit of Allbridge Core implementation in the Stellar ecosystem. This new implementation uses Stellar's smart contracts platform: Soroban.
Introduction
Allbridge Core is a cross-chain swap built specifically for dollar-pegged tokens (stablecoins). It operates on multiple blockchains and allows users to transfer stablecoin funds across different networks. As of today, Allbridge Core oversees a Total Value Locked (TVL) exceeding $17 million. It works by keeping liquidity pools for the supported tokens on each blockchain. Incoming tokens go into the pool, and the value of those tokens is sent via the messaging protocol to another chain, where it is converted back to tokens to be paid to the user.
Allbridge Core supports several blockchains such as Ethereum, Polygon, and Solana. The project is evolving and will be deployed in the Stellar ecosystem. Allbridge's maintainers implemented the Allbridge Core protocol for the Stellar blockchain in addition to the Allbridge Classic protocol already supported.
The Stellar ecosystem provides the Soroban environment. It is a smart contract platform that was audited by Quarkslab and introduced as a new feature to the mainnet. This platform includes the smart contract environment, a Rust SDK, a CLI, and an RPC server.
The goal of this audit was to assess the security of the Soroban implementation of Allbridge Core protocol. The full audit report is available on Allbridge's website.
Scope
The scope of this audit included the standard architecture of the Allbridge Core protocol. It is divided into four Soroban smart contracts, available in the allbridge-io/allbridge-core-soroban-contracts GitHub repository:
- Bridge smart contract
- Messenger smart contract
- Gas oracle smart contract
- Pool smart contract
Findings
The table below summarizes the findings of the audit. A total of 8 issues were found, of which 1 had medium severity and 1 had low severity, while the others were informational only.
| ID | Title | Severity | Perimeter |
|---|---|---|---|
| MED-1 | Admin can drain stablecoin liquidity | Medium | Pool (set_bridge) |
| LOW-1 | Lack of input sanitization in admin functions | Low | Pool (setters) |
| INFO-1 | Tests reproduce the code logic | Info | Tests |
| INFO-2 | Bridge implements an insecure pattern | Info | Bridge (swap_and_bridge) |
| INFO-3 | Superfluous storage DataKey::ReceivedMessage |
Info | Messenger |
| INFO-4 | Unused variant DataKey::Admin |
Info | Gas oracle |
| INFO-5 | Admin fees seem to be incorrect | Info | Pool (initialize) |
| INFO-6 | Multiple casting from u128 to i128 | Info | Pool (deposit) |
All the reported findings were fixed, except the medium severity finding. Allbridge acknowledged this issue and stated they plan to address it by developing a cross-chain DAO in their 2024 timeline.
Conclusion
The Allbridge Core protocol codebase, upon thorough review, has demonstrated a great level of maturity and sophistication. Quarkslab had a successful collaboration with Allbridge with the help of the Stellar Development Foundation and participated in securing a key component of the ecosystem. Despite the constrained timeline, this comprehensive evaluation unveiled one medium and one low severity issue. Going forward, we strive to continue pursuing our mission of advancing security in the Web3 ecosystem.