RedStone: Stellar Connector audit report
Project Information
CATEGORY
Smart Contracts
NETWORK
Stellar
WEBSITE
https://www.redstone.finance/
DESCRIPTION
From Oct. 6, 2025 to Oct. 14, 2025, RedStone engaged Veridise to conduct a security assessment of their RedStone Stellar Connector. The security assessment covered the Rust SDK, a collection of utilities designed to facilitate the deserialization and verification of the RedStone payload, as well as the Soroban smart contracts, which implement the oracle price-push model for third-party contracts to consume data from. Veridise conducted the assessment over 2 person-weeks, with 2 security analysts reviewing the project over 1 week.
Audit Report
SCOPE
The scope of this security assessment is limited to a specific set of source files in each repository,as agreed upon with the RedStone Stellar Connector developers:
Rust SDK on commit ff1de9:
- crates/redstone/src/lib.rs
- crates/redstone/src/casper/*.rs
- crates/redstone/src/contract/*.rs
- crates/redstone/src/core/*.rs
- crates/redstone/src/crypto/*.rs
- crates/redstone/src/default_ext/*.rs
- crates/redstone/src/network/*.rs
- crates/redstone/src/protocol/*.rs
- crates/redstone/src/radix/*.rs
- crates/redstone/src/solana/*.rs
- crates/redstone/src/soroban/*.rs
- crates/redstone/src/types/*.rs
- crates/redstone/src/utils/*.rs
Excluding:
- crates/redstone/src/core/test_helpers.rs
- crates/redstone/src/helpers
Stellar Contracts on commit 726ac4:
- stellarMultiFeed/common/src/lib.rs
- stellarMultiFeed/common/src/ownable.rs
- stellarMultiFeed/common/src/upgradable.rs
- stellarMultiFeed/contracts/redstone-adapter/src/config.rs
- stellarMultiFeed/contracts/redstone-adapter/src/event.rs
- stellarMultiFeed/contracts/redstone-adapter/src/lib.rs
- stellarMultiFeed/contracts/redstone-adapter/src/util.rs
- stellarMultiFeed/contracts/redstone-price-feed/src/config.rs
- stellarMultiFeed/contracts/redstone-price-feed/src/lib.rs