[Audit Report] Sygma(ChainBridge)

Report realeased on Sep 6, 2022

About Sygma

Sygma is a bridge which can be used to send assets over different blockchains. It can be used to transfer tokens in various standards like ERC20, ERC721, ERC1155. However, Sygma allows much more possibilities with its GenericHandler, which practically allows arbitrary function calls provided that the admin allows such calls with its whitelist and access control system. The system currently works between EVM-based blockchains.
The system works as follows. If a user wants to transfer some ERC20 from chainA to chainB, it first deposits the said ERC20 into the bridge contract of chainA. The contract will then lock the tokens in chainA, then emit an event which implies a deposit was created. The relayers, off-chain operators of the system, will listen to these events and will cooperate with each other to sign and send the appropriate transactions on the destination blockchain, which is chainB in this case.
To sign these transactions, the relayers use a cryptographic method known as Threshold Signatures, or Threshold ECDSA in this case. Using Threshold ECDSA technology, the relayers, which each hold a share of the full ECDSA private key, can sign appropriate transactions without ever knowing the full private key. Also, in the case of an abort, the system can identify the relayer which caused the abort, leading to a more safe system.
The smart contracts handle deposits by users and contract calls by the relayers. The bridge contract will receive these requests by users and relayers, and send them to the appropriate handler contracts. These contracts, which are divided by their usage (for example, the type of token it transfers) will handle the transfers, mints and burns as necessary.
There is also a fee handler, which deals with the fee logic, fee collection, and fee transfers. A fee oracle is used to get the required information to calculate the fees as well.
Our audit covers the Threshold Signature scheme implementation and the smart contracts, but the fee oracle and event listeners of the relayers are not a part of the scope. However, we did find some bugs in the event listeners, which we will share in our audit report below.

Purpose of this report

This report was prepared to audit the security of the Sygma bridge and related contracts developed by the Sygma team. HAECHI AUDIT conducted the audit focusing on whether the system created by the Sygma team is soundly implemented and designed as specified in the published materials, in addition to the safety and security of the bridge.
In detail, we have focused on the following -
Possibilities of Signature Replay
Denial of Service on Relayers
Damage by Single Malicious Node Operator
Smart Contract Attacks
*The audited code can be non-disclosure as the client requests.
KALOS is a flagship service of HAECHI LABS, the leader of the global blockchain industry. We bring together the best Web2 and Web3 experts. Security Researchers with expertise in cryptography, leaders of the global best hacker team, and blockchain/smart contract experts are responsible for securing your Web3 service.
We have secured over $60b worth of crypto assets across 400+ global crypto projects — L1/L2 projects, defi protocols, P2E games, and bridges — notably 1inch, SushiSwap, Badger DAO, SuperRare, Klaytn and Chainsafe. KALOS is the only blockchain technology company selected for the Samsung Electronics Startup Incubation Program in recognition of our expertise. We have also received technology grants from the Ethereum Foundation and Ethereum Community Fund.
Secure your smart contracts with KALOS.
Email: audit@kalos.xyz
Official website: https://kalos.xyz