background
logo

Security Audit Report for KEYRING's multisig-wallet-contracts

DESCRIPTION

The target of this audit is the code repository of multisig-wallet-contracts of KEYRING.

This project implements a permissionless multisig wallet system. A factory deploys deterministic minimal-proxy wallets for users and stores each wallet’s signer set and approval threshold. Wallets can receive native tokens, ERC20, ERC721, and ERC1155 assets, and allow withdrawals only after validating threshold EIP-712 signatures from approved signers. Each withdrawal type uses an independent nonce and deadline for replay protection, while recipients are restricted to wallet signers. The factory also emits standardized withdrawal events for created wallets.

Please refer to the report for the detailed audit scope.

Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations.

In summary, we did not find any critical issues within the audited codebase. However, we have identified some non-critical issues that should be addressed. Additionally, we have put three recommendations to further strengthen the code logic. It is important to note that the scope of our audit was strictly limited to the specific code versions mentioned in the report. Any updates made subsequent to our review would require a re-evaluation.

KEY FINDINGS

In total, we find 1 potential issues in the smart contract. We also have 3 recommendations and 0 notes, as follows:

High Risk: 0
Medium Risk: 0
Low Risk: 1
Recommendation: 3
Note: 0
ID Severity Description Status
1 Low Lack of EOA signer validation in function createMultisigWallet() Fixed
2 - Add zero address validation in function constructor() Fixed
3 - Enforce a dynamic minimum signature threshold Fixed
4 - Emit only verified signatures in withdrawl events Fixed

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!