Fluent: Bridge Contracts audit report
Project Information
CATEGORY
Smart Contracts
NETWORK
Ethereum
WEBSITE
https://www.fluent.xyz/
DESCRIPTION
From May. 15, 2025 to May. 22, 2025, Fluent engaged Veridise to conduct a security assessment of their Bridge Contracts. The project implements the core on-chain infrastructure for a rollup system, comprising smart contracts deployed on the parent (L1) chain. These contracts coordinate the submission and verification of L2 blocks and enable cross-chain messaging between the two chains. Veridise conducted the assessment over 12 person-days, with 2 security analysts reviewing the project over 6 days. The review strategy involved a tool-assisted analysis of the program source code performed by Veridise security analysts as well as thorough code review.
Audit Report
SCOPE
The scope of the security assessment was limited to the following files of the source code provided by the Bridge Contracts developers, which contains the smart contract implementation of the Bridge Contracts:
- contracts/interfaces
- contracts/libraries
- contracts/rollup/Rollup.sol
- contracts/Bridge.sol
- contracts/ERC20Gateway.sol
- contracts/ERC20PeggedToken.sol
- contracts/ERC20TokenFactory.sol
During the security assessment, the Veridise security analysts reviewed the list of excluded files and assumed they were correctly implemented. Notable exclusions included contracts/SP1Verifier.sol, which implements the Groth16 zk-SNARK verifier, and contracts/RestakerGateway.sol, which implements the restaking pool logic.