Summary
The most critical subjects covered in our audit are the correctness of the verification relay, the authentication of inbound cross-chain messages, and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are the robustness of the destination configuration, the dependency on Chainlink CCIP, and code complexity. Security regarding all the aforementioned subjects is high.
The adapter places extensive power in its privileged roles and delegates message finality and transport to Chainlink CCIP, which are trusted accordingly; see the Trust Model.
In summary, we find that the codebase provides a high level of security, provided it is configured correctly.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About CCIPDVNAdapter
CCIPDVNAdapter is a Chainlink CCIP adapter for the LayerZero v2 messaging protocol, developed by LayerZero. Sky intends to use it unmodified as the Chainlink CCIP verification path of a cross-chain governance bridge.