Security Audit Report for Stratos Chain and Stratos Decentralized Storage (SDS)


This audit primarily focuses on the Stratos Chain and Stratos Decentralized Storage (SDS), both of which are components of Stratos, a decentralized data architecture. Stratos provides scalable, reliable, and self-balanced storage, database, and computation networks, creating a robust foundation for data processing. The architecture of Stratos is divided into three distinct components:

Stratos Chain. This custom blockchain is based on the Cosmos-SDK and is responsible for defining various messages and implementing corresponding handlers to manage nodes and reward distribution within the network. By forking a custom Ethermint implementation, the Stratos Chain achieves full EVM compatibility.

Meta Nodes (SP Nodes). Within the Stratos Network, there are two node types: Meta Nodes and Resource Nodes. Meta Nodes are management nodes that connect storage nodes to the Stratos Chain and are responsible for volume reporting for reward distribution.

Storage Nodes (SDS Nodes). These nodes provide the actual storage for the entire network and form a P2P network to ensure high availability.

In this audit, two of the three components, the Stratos Chain and Stratos Decentralized Storage (SDS), are covered. The iterative audit covers the code in the initial version, as well as subsequent versions to fix discovered issues, as detailed in our audit report. Please note that external dependencies are assumed reliable and are therefore excluded from the audit scope.

Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations.

In summary, we have found that the codebase contains several high-risk issues that require prompt attention. In addition, we have identified other non-critical issues as well as security suggestions that should be considered. The Stratos team has addressed these issues promptly. It is important to note that our audit covers only the final reported versions of the codebase. Any subsequent updates would require a re-evaluation.


In total, we find 18 potential issues in the smart contract. We also have 0 recommendations and 0 notes, as follows:

High Risk: 12
Medium Risk: 4
Low Risk: 2
Recommendation: 0
Note: 0
ID Severity Description Category Status
1 High Insufficient access controls for privileged messages Software Security Fixed
2 High Conflict logic in the volumeReportRequestHandlerFn function Software Security Fixed
3 Medium Unchecked epoch field in the volume report Software Security Fixed
4 Low Inconsistent token denoms Software Security Fixed
5 High Incorrect selfdestruct logic in the EVM module Software Security Fixed
6 High Complex and unstable logic in the EndBlock of the pot module Software Security Fixed
7 Medium Deletion in iteration Software Security Fixed
8 Medium Ignored error in reward distribution Software Security Fixed
9 High Potential partial state write if EndBlocker panics Software Security Fixed
10 High Potential concurrent-unsafe usage of a global variable Software Security Fixed
11 High Potential loss of unbonding stake due to address overwriting Software Security Fixed
12 High Potential locking of staked tokens if the creation vote fails Software Security Fixed
13 Low Unremoved vote pool when the meta node is unbonded Software Security Fixed
14 High Unverified message source DeFi Security Fixed
15 High Unverified response messages DeFi Security Fixed
16 High ReqUploadFileSlice allows arbitrary file writing DeFi Security Fixed
17 Medium Potential DoS risk due to the absence of timeouts in message receiving and sending processes DeFi Security Fixed
18 High Ignored error in authentication process DeFi Security Fixed

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!