Brahma Console is a custody and DeFi execution environment built with Safe as custody rails, enabling granular access control with transaction policies and roles, as well as automated execution.

Brahma engaged Ackee Blockchain to perform a security review of the Brahma protocol’s commit 3578883 with a total time donation of 8 engineering days in a period between September 25 and October 5, 2023.


We began our review by using static analysis tools, namely Woke. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we involved Woke testing framework. 

We prepared a fuzz test covering the whole project, which yielded the H1 and M1 issues. 

During the review, we paid special attention to: 

  • checking and testing signature validation of all kinds
  • checking the possibility of manipulating registries
  • checking the possibility of replay attacks
  • ensuring the guards can not lead to DoS or be bypassed
  • ensuring access controls are not too relaxed or too strict
  • detecting possible reentrancies in the code
  • looking for common issues such as data validation.


The audit was performed on the commit 3578883 and the scope was the following:

  • AddressProvider.sol
  • AddressProviderService.sol
  • Constants.sol
  • ExecutorPlugin.sol
  • PolicyValidator.sol
  • SafeDeployer.sol
  • SafeEnabler.sol
  • SafeModerator.sol
  • SafeModeratorOverridable.sol
  • TransactionValidator.sol
  • ExecutorRegistry.sol
  • PolicyRegistry.sol
  • WalletRegistry.sol
  • SafeHelper.sol
  • TypeHashHelper.sol

For Revision 1.1 the review was done on the given commit: 4589ec4 and the scope was only the findings


Here we present our findings.

Critical severity 

No critical severity issues were found. 

High severity 

H1: Console permanent denial of service

Medium severity

M1: _isGuardBeingRemoved check dysfunctional

Low severity

L1: Console guard can be enabled with zero policy

Warning severity 

W1: Authorized addresses can not be deauthorized 

W2: CallType different order than Safe Operation

W3: Registry addresses can not be changed

Informational severity 

I1: Outdated documentation 


Our review resulted in 7 findings, ranging from Info to High severity. The most severe one, discovered by the fuzz test, posed a possibility of denial of service (H1). Otherwise, the codebase is of high quality and is well-designed.

At present, the H1 and M1 issues stand fixed by the Brahma team.

We recommended Brahma to:

  • update the documentation according to the new codebase
  • address all other reported issues.

Ackee Blockchain’s full Brahma audit report with a more detailed description of all findings and recommendations can be found here.

We were delighted to audit Brahma and look forward to working with them again.