Safe Smart Accounts boast the highest level of auditing and rigorous testing among smart contracts on Ethereum, safeguarding assets exceeding $100 billion. The Safe Social Recovery Module is a feature of the wallet designed to restore access when the wallet keys are lost.
Safe contracted Ackee Blockchain for a security audit of the Safe Social Recovery Module, which was initially developed by Candide. The audit took 2 engineering days between June 6 and June 14, 2024.
METHODOLOGY
Our review commenced with the use of static analysis tools such as Wake, followed by an in-depth examination of the contract logic. For testing and fuzzing purposes, we utilized the Wake testing framework.
Throughout the review, we emphasized the following areas:
- ensuring the recovery mechanism cannot be bypassed,
- verifying the accuracy of system arithmetic,
- identifying potential reentrancy vulnerabilities in the code,
- confirming that access controls are appropriately balanced,
- searching for common issues such as inadequate data validation.
Using fuzz tests, we developed a differential model of the system in Python and identified various flows to cover all functions and branches within the code. During execution, we validated specific assertions and confirmed the following invariants across the flows:
- the guardians in the contract state correspond with the testing model,
- the owners in the contract state align with the testing model,
- the number of guardians in the contract does not exceed the threshold established in the testing model,
- the number of owners in the contract does not surpass the threshold established in the testing model.
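The differential approach described above, shown as an added example that is not Ackee's test suite, the Wake API, or the audited contract code: a plain Python set is the reference model, random flows drive both sides, and the guardian set, threshold and revert behaviour are compared after every call. `GuardianList`, `fuzz` and the `buggy` switch are hypothetical names, and the linked-list storage is a constructed stand-in.

```python
import random

SENTINEL = "0x1"  # list head/tail marker in this constructed stand-in
class GuardianList:
    """Constructed stand-in for on-chain guardian storage, not the audited code."""
    def __init__(self, buggy=False):
        self.next, self.count, self.threshold = {SENTINEL: SENTINEL}, 0, 0
        self.buggy = buggy  # seeded defect: revoke forgets to decrement count
    def add(self, g, thr):
        if g in self.next or not 0 < thr <= self.count + 1:
            raise ValueError("revert")
        self.next[g], self.next[SENTINEL] = self.next[SENTINEL], g
        self.count, self.threshold = self.count + 1, thr
    def revoke(self, prev, g, thr):
        bad_thr = thr > self.count - 1 or (thr == 0 and self.count > 1)
        if g == SENTINEL or self.next.get(prev) != g or bad_thr:
            raise ValueError("revert")
        self.next[prev] = self.next.pop(g)
        self.count, self.threshold = self.count - (0 if self.buggy else 1), thr
    def guardians(self):
        out, cur = [], self.next[SENTINEL]
        while cur != SENTINEL:
            out.append(cur)
            cur = self.next[cur]
        return out

def fuzz(seed, steps=300, buggy=False):
    """Run random flows; return the first step where state and model split, else None."""
    rng, sut, model, model_thr = random.Random(seed), GuardianList(buggy), set(), 0
    for step in range(steps):
        g, thr = f"0xG{rng.randrange(5)}", rng.randint(0, len(model) + 1)
        if rng.random() < 0.5:  # flow: add guardian with threshold
            ok = g not in model and 0 < thr <= len(model) + 1
            call, new = (lambda: sut.add(g, thr)), model | {g}
        else:  # flow: revoke guardian with threshold
            lst = sut.guardians()
            prev = lst[lst.index(g) - 1] if g in lst[1:] else SENTINEL
            ok = g in model and thr <= len(model) - 1 and (thr > 0 or len(model) == 1)
            call, new = (lambda: sut.revoke(prev, g, thr)), model - {g}
        try:
            call()
        except ValueError:
            reverted = True
        else:
            reverted, model, model_thr = False, new, thr
        # Invariants: revert behaviour, guardian set and threshold match the model.
        if reverted == ok or set(sut.guardians()) != model or sut.threshold != model_thr:
            return step
    return None
```

With `buggy=True` the stale counter lets a revoke through with a threshold the model rejects, so the run stops at the first diverging step instead of completing.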
SCOPE
The audit was conducted on commit e6d45c8 and specifically covered the following files:
- contracts/modules/social_recovery/SocialRecoveryModule.sol
- contracts/modules/social_recovery/storage/GuardianStorage.sol
FINDINGS
Below are the findings from our review.
Critical severity
No critical severity vulnerabilities were identified.
High severity
No high severity vulnerabilities were identified.
Medium severity
M1: Other modules may be exploited to gain wallet ownership.
Low severity
No low severity vulnerabilities were identified.
Warning severity
W1: Confirmed hashes persist in storage.
Information severity
No information severity issues were encountered.
CONCLUSION
Our review yielded 2 findings, ranging in severity from Warning to Medium. The most significant concern is the potential for wallet recovery through other modules (refer to the M1 issue). Overall, the codebase demonstrates exceptionally high quality.
Ackee Blockchain advises Safe to:
- address all identified issues.
The complete audit report from Ackee Blockchain, detailing all findings and recommendations, can be found here.
We were pleased to conduct the audit for Safe and look forward to future collaborations with them.