Brahma Console is a custody and DeFi execution environment built with Safe as custody rails, enabling granular access control with transaction policies and roles, as well as automated execution.
Brahma engaged Ackee Blockchain to perform a security review of the Brahma protocol’s commit 3578883 with a total time donation of 8 engineering days in a period between September 25 and October 5, 2023.
METHODOLOGY
We began our review by using static analysis tools, namely Wake. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we used the Wake testing framework.
We prepared a fuzz test covering the whole project, which yielded the H1 and M1 issues.
During the review, we paid special attention to:
- checking and testing signature validation of all kinds
- checking the possibility of manipulating registries
- checking the possibility of replay attacks
- ensuring the guards cannot lead to DoS or be bypassed
- ensuring access controls are neither too relaxed nor too strict
- detecting possible reentrancies in the code
- looking for common issues such as missing data validation.
SCOPE
The audit was performed on the commit 3578883 and the scope was the following:
- AddressProvider.sol
- AddressProviderService.sol
- Constants.sol
- ExecutorPlugin.sol
- PolicyValidator.sol
- SafeDeployer.sol
- SafeEnabler.sol
- SafeModerator.sol
- SafeModeratorOverridable.sol
- TransactionValidator.sol
- ExecutorRegistry.sol
- PolicyRegistry.sol
- WalletRegistry.sol
- SafeHelper.sol
- TypeHashHelper.sol
For Revision 1.1, the review was performed on commit 4589ec4, and the scope was limited to the reported findings.
FINDINGS
Here we present our findings.
Critical severity
No critical severity issues were found.
High severity
H1: Console permanent denial of service
Medium severity
M1: _isGuardBeingRemoved check dysfunctional
Low severity
L1: Console guard can be enabled with zero policy
Warning severity
W1: Authorized addresses cannot be deauthorized
W2: CallType different order than Safe Operation
W3: Registry addresses cannot be changed
Informational severity
I1: Outdated documentation
CONCLUSION
Our review resulted in 7 findings, ranging from Info to High severity. The most severe one, discovered by the fuzz test, posed a possibility of denial of service (H1). Otherwise, the codebase is of high quality and is well-designed.
At present, the H1 and M1 issues have been fixed by the Brahma team.
We recommended that Brahma:
- update the documentation according to the new codebase
- address all other reported issues.
Ackee Blockchain’s full Brahma audit report with a more detailed description of all findings and recommendations can be found here.
We were delighted to audit Brahma and look forward to working with them again.