DESCRIPTION
Neo X is an EVM-compatible sidechain incorporating Neo’s distinctive dBFT consensus mechanism. Serving as a bridge between Neo N3 and the widely used EVM network, Neo X will play a crucial role in expanding the Neo ecosystem and offering developers more opportunities for innovation. As described in the design document, the dBFT protocol uses more than half of the votes (i.e., 1/2 instead of 2/3) as its consensus threshold. Because the top 7 candidates are selected for each epoch, 4 validators are sufficient to achieve consensus.
The audit specifically focuses on the security of the Neo X node, a Golang implementation based on the Ethereum protocol execution layer. The audit scope covers the discrepancies between the original Geth implementation and the forked parts. This audit does NOT cover all modules in the repository. Specifically excluded are source files under the consensus directory, which implement the dBFT protocol.
In summary, we have found that the codebase contains one high-risk issue that requires prompt attention. In addition, we have identified other non-critical issues that should be considered. The Neo X team has addressed these issues promptly. It is important to note that our audit covers only the final reported versions of the codebase. Any subsequent updates would require a re-evaluation.
KEY FINDINGS
In total, we find 3 potential issues in the smart contract. We also have 0 recommendations and 0 notes, as follows:
ID | Severity | Description | Category | Status |
---|---|---|---|---|
1 | Medium | Potential DoS risk | Software Security | Fixed |
2 | High | Insufficient validation for P2P network messages | Software Security | Fixed |
3 | Medium | Lack of a time lock mechanism | DeFi Security | Fixed |
More details are provided in the audit report.