Context
As the NitroLite project continues evolving, this audit was adamant to highlight the flaws present so far.
During the audit process itself the project was required to change direction, leading to drastic changes being introduced.
This has resulted in an audit covering an older version of the protocol, therefore fixes are going to be applied to the commit 74986b8, while many of them will be cherry-picked on master afterwards.
It should also be noted that after the audit process was complete, it became obvious that some of the files will be drastically changed, hence we decided not to spend resources on fixing related issues.
Results
All changes to the codebase since the Audit commit (74986b8) can be tracked on the feat/04-25-audit branch. ALL changes are available in commit 6c00d29.
Fell out of scope
We ACKNOWLEDGE all of the following issues WITHOUT creating a fix for them, as the contracts are obsolete and will be DRASTICALLY CHANGED soon.
- CSU-01C: Inefficient Conditionals (informational)
- NRP-01C: Misleading Documentation (informational)
- CSU-01M: Insufficient Adjudicator Implementation (major)
- CRE-01M: Insufficient Adjudicator Implementation (major)
- MPT-01M: Inexplicable Micropayment Channel Adjudicator (medium)
- MPT-02M: Insufficient Adjudicator Implementation (major)
Acknowledged
We simply acknowledge the following issues without comments:
- CYD-01C: Ineffectual Usage of Safe Arithmetics (informational)
- CYD-05C: Non-Standard Usage of Library (informational)
Not relevant / remedied by the protocol
We believe that the following issues are not relevant to the protocol itself, are already resolved by protocol intentions or rules, or a 3rd party is responsible for avoiding such an issue.
Remedied
We have amended the codebase, hopefully resolving the following issues:
Manual Review:
Code Style:
Fixed by #66:
- CYD-04C: Inefficient mapping Lookups
- CYD-06C: Redundant Local Variables
- CYD-07C: Redundant Parenthesis Statements
- CYD-08C: Redundant Restriction
- CYD-09C: Suboptimal Struct Declaration Styles
- USL-01C: Non-Standard Usage of Library
- DYM-01C: Redundant Named Arguments
Manual Review:
checkpoint and challenge #55
locked tracking #48
Code Style:
- CYD-02C: Inefficient Increment Operation
  Fixed by feat(Custody): remove account locked tracking #48.
- CYD-03C: Inefficient Loop Limit Evaluation
  Fixed by feat(Custody): restrict to 2 participant channels #63.