Project Information
CATEGORY
L1/L2 blockchains
NETWORK
Dogechain
WEBSITE
https://dogechain.dog/
DESCRIPTION
From May 1 to May 20, 2022, DogeChain engaged Veridise to review the security of the DogeChain consensus mechanism. The review covered block validation, signature generation and verification, JsonRPC, helpers, update mechanisms, node resumption, and distributed key generation. Veridise conducted this assessment over 15 person-weeks with five engineers. The auditing strategy involved tool-assisted analysis of the source code performed by Veridise engineers. The tools that were used in the audit included a combination of static analysis, fuzzing, property-based testing, bounded model checking, and formal verification. Some of these tools were developed specifically for the purpose of performing a thorough audit of the DogeChain protocols and contracts.
Audit Report
SCOPE
To determine the scope of this audit, we first reviewed the provided documentation on the DogeChain consensus protocol. During this phase, we tried to identify any implicit assumptions made by the protocol, potential edge cases, under-specified components of the protocol, and the behavior of the system contract. Based on the documentation, we formalized key properties to be checked in Veridise’s specification language, which are useful both for verification and property-based testing, as described earlier.
In terms of the scope of the audit, the key components we considered include the following:
- The IBFT consensus protocol
- JsonRPC
- System contract for staking
- Helper functions such as keccak, keystore, bridge, etc
- DogeChain application contract