{"id":906,"date":"2024-08-19T12:58:53","date_gmt":"2024-08-19T10:58:53","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=906"},"modified":"2024-08-19T12:59:38","modified_gmt":"2024-08-19T10:59:38","slug":"safe-social-recovery-module","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/safe-social-recovery-module\/","title":{"rendered":"Safe Social Recovery Module"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Safe Smart Accounts are the most audited and battle-tested smart contracts on Ethereum securing over $100 billion in assets. The Safe Social Recovery Module is a subcomponent of the wallet that allows to recover access to the wallet when keys from the wallet are lost.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><a href=\"https:\/\/safe.global\/\" target=\"_blank\" rel=\"noopener\">Safe<\/a> engaged Ackee Blockchain to perform a security review of the Safe Social Recovery Module initially implemented by <\/span><a href=\"https:\/\/www.candide.dev\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Candide<\/span><\/a><span style=\"font-weight: 400;\"> for a total of 2 engineering days in a period between June 6 and June 14, 2024.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">METHODOLOGY<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">We began our review using static analysis tools, including <\/span><a href=\"https:\/\/getwake.io\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Wake<\/span><\/a><span style=\"font-weight: 400;\">. We then took a deep dive into the logic of the contracts. For testing and fuzzing, we have involved Wake testing framework.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">During the review, we paid special attention to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">checking the recovery mechanism can not be bypassed,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring the arithmetic of the system is correct,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">detecting possible reentrancies in the code,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring access controls are not too relaxed or too strict,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">looking for common issues such as data validation.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">With fuzz tests, we created a differential model of the system in Python and defined several flows that executed all the functions and branches in the code. During the execution, we checked for specific assertions and between the flows we checked for the following invariants:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the guardians in the contract state match the testing model,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the owners in the contract state match the testing model,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the threshold of the guardians in the contract state does not go over the number of guardians in the testing model,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the threshold of the owners in the contract state does not go over the number of owners in the testing model.<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">SCOPE<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The audit has been performed on the commit <code class=\"codehl\">e6d45c8<\/code> and the exact scope was the following files:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/modules\/social_recovery\/SocialRecoveryModule.sol<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contracts\/modules\/social_recovery\/storage\/GuardianStorage.sol<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">FINDINGS<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Here we present our findings.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Critical severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">No critical severity issues were found.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">High severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">No high severity issues were found.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Medium severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">M1: Other modules can be used to gain ownership of the wallet<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Low severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">No low severity issues were found.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Warning severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">W1: Confirmed hashes stay in storage<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Information severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">No information severity issues were found.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">CONCLUSION<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Our review resulted in 2 findings, ranging from Warning to Medium severity. The most severe issue is the possibility of a wallet recovery from other modules (see M1 issue). The codebase is overall of very high quality.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Ackee Blockchain recommends Safe to:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">address all reported issues.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>Ackee Blockchain\u2019s full Safe audit report with a more detailed description of all findings and recommendations can be found <a href=\"https:\/\/github.com\/safe-global\/safe-modules\/blob\/main\/modules\/recovery\/docs\/v0.1.0\/audit.md\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/b><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">We were delighted to audit Safe and look forward to working with them again.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Safe Smart Accounts are the most audited and battle-tested smart contracts on Ethereum securing over $100 billion in assets. The Safe Social Recovery Module is a subcomponent of the wallet that allows to recover access to the wallet when keys from the wallet are lost. Safe engaged Ackee Blockchain to perform a security review of the Safe Social Recovery Module initially implemented&hellip;<\/p>\n","protected":false},"author":6,"featured_media":907,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,10,103],"tags":[89,142,101,104],"class_list":["post-906","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-audits","category-ethereum","category-wake","tag-audit-summary","tag-candide","tag-safe","tag-wake"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/08\/Safe-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/08\/Safe-600x600.png","author_info":{"display_name":"Jan Kalivoda","author_link":"https:\/\/ackee.xyz\/blog\/author\/jan-kalivoda\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=906"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/906\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/907"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}