Project Background
BtcSwapAssetV2 is an ERC-20 token called anyBTC (8 decimals) used to represent Bitcoin in a cross-chain bridge system.
- Minting (Swapin): Only the contract owner can mint tokens to a user when BTC is deposited on another chain/system. Each mint emits a LogSwapin event.
- Burning (Swapout): Users burn their tokens to withdraw BTC. They must provide a Bitcoin address, which is checked for basic format validity. This emits a LogSwapout event.
- Ownership model:
The contract uses a delayed ownership transfer mechanism. When the owner is changed, the new owner only becomes active after ~13,300 blocks (~2 days). This adds a safety buffer against sudden malicious control. - Security notes:
Minting is centralized (owner-controlled), and BTC custody/redemption happens off-chain, so the system depends on a trusted operator. Address validation is basic and not fully secure.
Executive Audit Summary
- According to the standard audit assessment, the Customer`s solidity smart contracts are “Secured”. Also, these contracts contain owner control, which does not make them fully decentralized.
- We used various tools like Slither, Solhint and Remix IDE. At the same time this finding is based on critical analysis of the manual audit.
- We found 0 critical, 0 high, 0 medium, 1 low, and 5 very low-level issues.
Audit Report in PDF
Audit Report Flip book
Please wait while flipbook is loading. For more related info, FAQs and issues please refer to DearFlip WordPress Flipbook Plugin Help documentation.
