Summary
The most critical subjects covered in our audit are the general liveness of the rollup, denial of service, and the safety of user assets. Security regarding all subjects is good.
The other general subjects covered are correct usage of Scroll Messenger, access control, and global interaction between the contracts. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
Given the small number of tests in the codebase, we strongly recommend enhancing the testing suite, as several issues found in the audit could have been caught by more extensive testing.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Intmax 2 Smart Contracts
Intmax implements a zk-rollup for private transfers. Liquidity is on/offboarded on Ethereum while the state of the rollup is managed on Scroll.
"INTMAX is an extremely scalable layer for Ethereum transfers that incorporates ethically sound privacy. It is a stateless zkRollup structure, theoretically achieving scalability similar to Plasma and Lightning Network, as envisioned in 2018. By distributing both data and computation costs across users’ devices, INTMAX inherits security from Ethereum while achieving scalability even greater than centralized financial systems using databases."