Project Information
CATEGORY
Smart Contracts
NETWORK
Ethereum
WEBSITE
https://pay.daimo.com/
DESCRIPTION
From Sep. 13, 2023 to Sep. 26, 2023, Daimo engaged Veridise to review the security of several major components of their Daimo project, a wallet app (for iOS and Android) backed by an on-chain Ethereum smart contract compliant with EIP-4337* account abstraction. Veridise conducted the assessment over 6 person-weeks, with 3 engineers reviewing code over 2 weeks. The security assessment was performed in the same audit as that of Daimo’s P256Verifier project, which the Daimo project depends on. The auditing strategy involved a tool-assisted analysis of the source code performed by Veridise engineers as well as extensive manual auditing
Audit Report
SCOPE
The scope of this audit is limited to the following folders of the source code provided by the Daimo developers:
- packages/contract/contract/src
- packages/daimo-expo-enclave
- packages/daimo-userop/src
All other packages in the provided source code (e.g., the application code in app/) are not in the scope of the audit. During the audit, the Veridise auditors referred to the excluded files but assumed that they have been implemented correctly.