Project Information
CATEGORY
Smart Contracts
NETWORK
Ethereum
WEBSITE
https://www.puffer.fi/
DESCRIPTION
From Jul. 5, 2023 to Jul. 10, 2023, Puffer Finance engaged Veridise to review the security of their Remote Attestation VErification (RAVe) library. The review covered Solidity smart contract implementations of an ASN.1 DER format parser, some X.509 certificate validation logic, and a PKCS#1 v1.5 signature validation scheme. The review also covered a smart contract that uses these components to validate cryptographically signed remote attestation reports generated by the Intel Attestation Service (IAS). Veridise conducted the assessment over 8 person-days, with 2 engineers reviewing code over 4 days. The auditing strategy combined a tool-assisted analysis of the source code, performed by Veridise engineers, with extensive manual auditing.
Audit Report
SCOPE
The scope of this audit is limited to the src folder of the source code provided by the RAVe developers, which contains the smart contract implementation of RAVe. During the audit, the Veridise auditors referred to third-party code used by RAVe that is out of scope of the audit; the auditors assumed that this code has been implemented correctly.