In our constant effort to increase Hermez Network’s security before mainnet launch, we’re delighted to share the results of the audit done by the Trail of Bits team.
The scope of the audit covered Hermez’s smart contracts and Circom circuits. All issues reported by Trail of Bits have been either fixed or answered in the report.
In this blog post, you’ll find a summary of the main points of the audit. You can check out the full 66-page audit report here.
From October 26 through November 9, 2020, Hermez engaged Trail of Bits to review the protocol’s security.
Trail of Bits conducted an assessment over four weeks with three engineers working from d52ed73 (contracts) and a785328 (circuits).
In the first week, Trail of Bits focused on understanding the codebase. They reviewed the L1/L2 flow on the smart contracts against the most common Solidity flaws, and reviewed the circuit codebase to ensure the code matched its specifications.
In week two, they continued reviewing the contracts and the interactions between L1 and L2 and provided a report with an actionable list of issues.
Hermez’s tech team then proceeded to evaluate the issues and address them. You can find all the details in the final audit report.
Hermez Wants You!
While we’re pleased with the audit results, we’re still working non-stop to increase the protocol security and make it safe to use from day one.
That’s why we're inviting you to check and audit Hermez’s smart contracts.
To incentivise cooperation, we’re preparing a bug bounty campaign to reward the community members who contribute to making the Hermez protocol safer.
Keep an eye on this bug bounty on Twitter at @Hermez_network and join our Discord here!