We are pleased to announce that Cryptonics has finished an extensive security audit of the pTokens Bitcoin to EOS bridge.
pTokens is a cross-blockchain solution developed by Provable Things, formerly known as Oraclize. The system allows assets from different blockchains to be moved to Ethereum and EOS, in order to make them available to Decentralized Finance (DeFi) applications. This is achieved by locking up assets on the original chain and minting the equivalent amount of representative pTokens on Ethereum or EOS. Assets can be moved back by burning tokens and freeing up the equivalent assets on the original chain.
Cryptonics has been engaged by Provable Things to audit the codebase of the Bitcoin to EOS implementation prior to its mainnet release, after having previously audited the Bitcoin to Ethereum bridge. The interactive audit process has gone through various rounds and we are pleased to publish the final audit result.
The pToken Bitcoin to EOS bridge is a two-way bridge designed to run in a trusted execution environment, such as Intel’s Secure Software Guard Extensions. It consists of a secure enclave containing Bitcoin and EOS light clients, transaction relayers, and a series of tools and APIs. In its first release, the bridge is implemented as a single trusted relayer node. However, a decentralized implementation is in development for future release.
Audit Procedure and Result
The audit has been performed in several rounds by a team of auditors specializing in blockchain security and with extensive experience in the programming languages employed. The Cryptonics audit procedure follows a strict methodology adapted to programming language specifics, which involves a series of steps, ranging from automated code scanning and manual line-by-line code reviews to high-level architecture and design reviews.
The audit team was in constant contact with the development team; issues encountered were discussed, and any fixes supplied were re-audited. The final audit report contains a full history of issues discussed and fixed.
We have found the submitted code base to be of very good quality with excellent documentation. Test coverage is also very complete. Several issues were detected and we have found the team very receptive to suggestions for improvements. All issues encountered have been addressed by either fixing or mitigating them. In the case of some minor comments, the issues have been acknowledged as deliberate choices.
The final audit report can be downloaded from the Cryptonics website and GitHub repository.