Least Authority, a well-known web3 security consulting firm, recently completed an audit of tBTC v2, encompassing all of tBTC v2’s security-critical components. Below is a summary of the findings. You can view the full report here.
No Security Vulnerabilities were Identified in the Key Components
Least Authority did not find any security vulnerabilities in tBTC v2’s key components, including its MaintainerProxy smart contract, Vault, Sortition Pool, HeartBeats Mechanism, or Wallet Redistribution. The auditors praised tBTC v2’s governance and democratic enforcement elements. Additional details can be found on pages 5 - 7 of the report.
Code Quality and Documentation
Least Authority found that the code repositories it examined were implemented “in accordance with accepted engineering standards and generally follow best practices as demonstrated by modules following a logical flow, the correct use of primitives, and the efficient utilization of modifiers.”
The smart contracts in the codebase “show a high degree of organization,” the audit found, and the Bridge components “follow a clean pattern for importing libraries.”
A well-organized, well-documented codebase is key to both the efficiency and security of the BTC-ETH bridging process. More information on this aspect of the audit can be found on pages 8 and 9.
Least Authority also analyzed tBTC v2’s project dependencies for vulnerabilities, out-of-date packages, and excessive or unnecessary dependency usage, and found no issues that presented security threats.
Areas of Feedback
The audit identified two potential vulnerabilities in tBTC v2. The first concerned Bitcoin SPV proofs and affects the bitcoin-spv library used by the tBTC Bridge v2 smart contract. The second related to updates in non-zero account balances in the Bank, the mechanism that tracks bitcoin balances. Both have since been fully resolved. Details can be found on pages 9 - 11 of the audit.
Finally, the auditors suggested tweaks to certain other elements of tBTC v2. Details on each suggestion and actions taken in response can be found in the full report.
A Secure Way to Use Your BTC in the DeFi Ecosystem
Transparency is central to tBTC’s ethos. Least Authority’s audit reflects the commitment of tBTC’s developers to build a secure Bitcoin-to-Ethereum Bridge that is scalable while remaining truly decentralized. It provides important feedback and affirmation as we continue to move forward with the series of Chaosnet releases leading up to the full launch of tBTC v2.