DESCRIPTION
The target of this audit is the implementation of the EOS EVM, which is a compatibility layer deployed on top of the EOS blockchain. The EOS EVM serves as an implementation of the Ethereum Virtual Machine (EVM). It is implemented in C++ and compiled to a WASM binary to be executed within the EOS blockchain. The EOS EVM utilizes a modified version of Silkworm and Evmone for the execution of the EVM operations.
The EOS EVM is an emulation of the EVM, housed within an EOS smart contract. EOS EVM bridges the EOS ecosystem to the Ethereum ecosystem by allowing developers to deploy a wide array of Solidity-based smart contracts and innovative dApps on the EOS Network to make use of its world-class performance and low gas fees. Developers can utilize Ethereum’s battle-tested open-source code, tooling, libraries and SDKs while leveraging the superior performance of EOS to create a multichain Web3 experience. The EOS EVM Ecosystem has opened up a new world of opportunities for those who wish to leverage the performance, reliability, and low fees on EOS from within the familiar EVM framework.
Our audit methodology employs differential testing, automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations.
In summary, we have found that the codebase contains several high-risk issues that require prompt attention. In addition, we have identified other non-critical issues as well as security suggestions that should be considered. The EOS EVM development team has addressed these issues promptly. It is important to note that our audit covers only the final reported versions of the codebase. Any subsequent updates would require a re-evaluation.
KEY FINDINGS
In total, we find 2 potential issues in the smart contract. We also have 0 recommendations and 2 notes, as follows:
ID | Severity | Description | Category | Status |
---|---|---|---|---|
1 | High | Lack of valid ChainID check | Software Security | Fixed |
2 | High | Potential incorrect state for smart contract destruction | Software Security | Fixed |
3 | - | Nonce issue of the reserved addresses | Note | - |
4 | - | The gas fee payment mechanism | Note | - |
More details are provided in the audit report.