Safe Smart Accounts are the most audited and battle-tested smart contracts on Ethereum, securing over $100 billion in assets. The Safe Social Recovery Module is a subcomponent of the wallet that allows access to the wallet to be recovered when the wallet's keys are lost.
Safe engaged Ackee Blockchain to perform a security review of the Safe Social Recovery Module initially implemented by Candide for a total of 2 engineering days in a period between June 6 and June 14, 2024.
METHODOLOGY
We began our review using static analysis tools, including Wake. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we used the Wake testing framework.
During the review, we paid special attention to:
- checking that the recovery mechanism cannot be bypassed,
- ensuring the arithmetic of the system is correct,
- detecting possible reentrancies in the code,
- ensuring access controls are not too relaxed or too strict,
- looking for common issues such as data validation.
For the fuzz tests, we created a differential model of the system in Python and defined several flows that executed all the functions and branches in the code. During execution, we checked specific assertions, and between the flows we checked the following invariants:
- the guardians in the contract state match the testing model,
- the owners in the contract state match the testing model,
- the threshold of the guardians in the contract state does not go over the number of guardians in the testing model,
- the threshold of the owners in the contract state does not go over the number of owners in the testing model.
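The sketch below illustrates this style of differential fuzzing on the guardian invariants. It is an added example, not Ackee Blockchain's test code and not the Wake API: `GuardianStore` is a hypothetical in-memory stand-in for the contract state, `BuggyStore` is a constructed defect, and all names and rules in it are assumptions.

```python
import random

class GuardianStore:
    """Hypothetical in-memory stand-in for the contract state under test."""
    def __init__(self):
        self.guardians, self.threshold = [], 0
    def add(self, g, threshold):
        if g in self.guardians or not 1 <= threshold <= len(self.guardians) + 1:
            raise ValueError("revert")
        self.guardians.append(g)
        self.threshold = threshold
    def revoke(self, g, threshold):
        if g not in self.guardians or threshold > len(self.guardians) - 1:
            raise ValueError("revert")
        self.guardians.remove(g)
        self.threshold = threshold

class BuggyStore(GuardianStore):
    """Constructed defect: revoke forgets to bound the new threshold."""
    def revoke(self, g, threshold):
        if g not in self.guardians:
            raise ValueError("revert")
        self.guardians.remove(g)
        self.threshold = threshold

def fuzz(store_cls, flows=500, seed=1):
    """Run random flows; return None, or a description of the first mismatch."""
    rng, store, model = random.Random(seed), store_cls(), set()
    for i in range(flows):
        op = rng.choice(["add", "revoke"])
        g, t = rng.randrange(5), rng.randrange(4)
        # The model decides independently whether the call should succeed.
        expect_ok = (g not in model and 1 <= t <= len(model) + 1) if op == "add" \
            else (g in model and t <= len(model) - 1)
        try:
            getattr(store, op)(g, t)
            ok = True
        except ValueError:
            ok = False
        # Assertion inside the flow: the outcome must match the model's prediction.
        if ok != expect_ok:
            return f"flow {i}: {op}({g}, {t}) success={ok}, model expected {expect_ok}"
        if ok:
            (model.add if op == "add" else model.discard)(g)
        # Invariants checked between flows.
        if set(store.guardians) != model:
            return f"flow {i}: guardian set differs from model"
        if store.threshold > len(model):
            return f"flow {i}: threshold {store.threshold} > {len(model)} guardians"
    return None
```

`fuzz(GuardianStore)` returns `None`, while `fuzz(BuggyStore)` returns a description of the first flow where the stand-in diverges from the model.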
SCOPE
The audit was performed on commit e6d45c8, and the exact scope was the following files:
- contracts/modules/social_recovery/SocialRecoveryModule.sol
- contracts/modules/social_recovery/storage/GuardianStorage.sol
FINDINGS
Here we present our findings.
Critical severity
No critical severity issues were found.
High severity
No high severity issues were found.
Medium severity
M1: Other modules can be used to gain ownership of the wallet
Low severity
No low severity issues were found.
Warning severity
W1: Confirmed hashes stay in storage
Information severity
No information severity issues were found.
CONCLUSION
Our review resulted in 2 findings, ranging from Warning to Medium severity. The most severe issue is the possibility of a wallet recovery from other modules (see issue M1). The codebase is overall of very high quality.
Ackee Blockchain recommends that Safe:
- address all reported issues.
Ackee Blockchain’s full Safe audit report with a more detailed description of all findings and recommendations can be found here.
We were delighted to audit Safe and look forward to working with them again.