A blockchain bridge enables interoperability between two different blockchains. Typically, it allows one to transfer data and tokens from one chain to another. More accurately, the tokens are locked-up on one chain, and some other tokens are released from a pool or minted on another. With proper accounting of tokens, the user may interact with tokens on the target blockchain as if they had been transferred from the original blockchain.
Bridges also have unique features that can make maintaining security difficult. They involve different blockchains with novel implementations, architectures, and programming languages. Considering the relatively large amount of funds that are often locked up in bridges, security is particularly important. There are several recent examples of zero-day exploits specifically targeting bridges with catastrophic consequences.
The best practice for beginning to mitigate the risk of these bridges and minimize the ability of attackers to cause harm is by performing regular security assessments and architecture reviews of the contracts and code to identify and remediate known and potential vulnerabilities. There is a focused methodology that we follow in reviewing security vulnerabilities in such a system. Not only do we perform a threat assessment of possible exploits of the system, but we also perform a code review, analyze fund loss scenarios, and assess program authentication scenarios for each identified component that participates in the token movement activities.
Allbridge Core is a cross-chain bridge for stablecoins with liquidity pool staking and rewards. It enables cross-chain transfers between EVM and non-EVM chains, using messaging protocols to perform swaps. For a more in-depth overview of Allbridge and its roadmap, please see Allbridge’s Core documentation page here.
Allbridge engaged Kudelski Security to perform a security assessment of their Allbridge Core (bridge) to identify and mitigate any unexpected risks associated with their smart contract bridge. This work was completed in December of 2022. During our review, we analyzed and reviewed the pool contract as this contains functionality to withdraw tokens and contains token swap mechanics. This is because the following points are known vulnerable areas of a pool contract:
- Access control of any token withdrawal
- Functions that use the exchange curve
- Logic of the token swap
- Accounting of virtual tokens
- Numerical errors in accounting
Our assessment focused on code committed as of October 7th, 2022, and focused on the following objectives:
- Help the client to better understand its security posture on the external perimeter and identify risks in its deployed chain & contract infrastructure.
- Provide a professional opinion on the maturity, adequacy, and efficiency of the security measures that are in place.
- Identify potential issues, including loss of funds scenarios, and include improvement recommendations based on the result of our tests.
The first step was a workshop with Allbridge where their team walked us through their repository, covering design and functionality. We then created a threat model outlining the architecture of their bridge and the areas of risk based on that architecture. Next, we conducted an in-depth code review where we identified and classified vulnerabilities focusing on both the smart contracts and the underlying math they were based on. We discussed those with the Allbridge team as they were found and provided recommendations to remediate them.
Throughout the assessment, the Allbridge team was highly collaborative and responsive to any questions or comments that we had. Their code was well-structured and thoughtful. It was a pleasure working with the Allbridge team and we are looking forward to working with them again in the future.
The full Kudelski Security report is located here: https://kudelskisecurity.com/wp-content/uploads/Stable-Bridge-Secure-Code-Review-v3.1-public-redacted-1.pdf