Summary
The most critical subjects covered in our audit are functional correctness and the synchronization of the state between mainnet and the sidechains.
Functional correctness was improved after an incorrect assertion that could have led to loss of data was corrected.
The synchronization of data between different chains is sufficient, although some caveats regarding out-of-order execution and partial data transfers should be noted.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Frankencoin CCIP Bridge
Frankencoin implements a bridging system for the ZCHF token as well as some governance mechanisms. On chains other than mainnet, ZCHF tokens can be deposited into savings contracts that earn interest. Accrued interest, the interest rate, and governance voting power are asynchronously and permissionlessly transferred between mainnet and the respective sidechains using the bridge.
“Frankencoin is a collateralized, oracle-free stablecoin that tracks the value of the Swiss franc. Its strengths are its decentralization and its versatility.”
The audit was excellent! Very well done! I'm impressed with how quickly ChainSecurity's software engineers developed a deep understanding of the Frankencoin system and with their meaningful inputs to harden its mechanics.
Luzius Meisser, Inspirer, Frankencoin