Security Audit Report for Poly Contracts


Poly Network is a global cross-chain protocol for implementing blockchain interoperability and building Web3.0 infrastructure. Poly Network has connected over 35 different blockchains, including popular ones such as Ethereum, Polygon, Arbitrum, and BNB Chain, as well as others such as Aptos, Optimism, Neo, Metis, and Gnosis Chain. Since its launch, the protocol has enabled cross-chain asset transfers of more than $16 billion USD.

The core contracts covered in this audit include EthCrossChainData, EthCrossChainManager, UpgradableECCM, EthCrossChainManagerProxy, ECCUtils, LockProxy, Swapper and SwapProxy. The iterative audit covers the code in the initial version, as well as the subsequent versions that fix the discovered issues, as detailed in our audit report. Please note that external dependencies are assumed to be reliable and are therefore excluded from the audit scope.

Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues, coupled with gas and code quality optimization recommendations.

In summary, we did not find any critical issues within the audited codebase. However, we have identified three non-critical issues that should be addressed. It is important to note that the scope of our audit was strictly limited to the specific code versions mentioned in the report. Any updates made subsequent to our review would require a re-evaluation.


In total, we find 3 potential issues in the smart contract. We also have 0 recommendations and 0 notes, as follows:

High Risk: 0
Medium Risk: 1
Low Risk: 2
Recommendation: 0
Note: 0

| ID | Severity | Description | Category | Status |
|----|----------|-------------|----------|--------|
| 1 | Medium | The function removeUnderlying is not executed as expected | Software Security | Fixed |
| 2 | Low | The function recoverEpochPk is not executed successfully | Software Security | Fixed |
| 3 | Low | The events UnlockEvent and LockEvent may record wrong data | Software Security | Fixed |
| 4 | - | Remove the repeated verification to save gas consumption | Recommendation | Acknowledged |
| 5 | - | Remove the redundant verification to save gas consumption | Recommendation | Acknowledged |
| 6 | - | Add the logic to update whitelist | Recommendation | Fixed |

More details are provided in the audit report.

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!