Digix Audit Completed

ChainSecurity
Dec 18, 2018

ChainSecurity has successfully completed an audit of the DigixDAO smart contracts. During the audit process, performed by three security experts over four weeks, a set of contracts was reviewed with respect to a specification derived jointly by the ChainSecurity and Digix teams. The full list of contracts and considered properties can be found in the final audit report.

The DAO voting system itself turned out to be well implemented and of high quality, with its functionality mostly following the previously published Governance whitepaper. The code base achieves a high degree of modularity, which gives it a clear overall structure.

Nonetheless, ChainSecurity managed to uncover several vulnerabilities and propose design improvements. Most notably, an unfortunately still common misuse of the EXTCODESIZE opcode was originally present: using this opcode to detect that the message sender or transaction initiator is not a contract account, but an externally owned account. Given that such checks can be easily circumvented, this restriction cannot be relied upon to enforce proper access control, even though there may be benign use cases. For more information on this, we are glad to point to the Smart Contract Best Practices, to which ChainSecurity contributed for this issue.
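The following is an added example, not code from DigixDAO or the audit report, contrasting the EXTCODESIZE-based caller check with authorization that depends on state the contract itself controls. All contract, function and role names are hypothetical, and the explicit allowlist is one possible replacement assumed here for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: every name here is hypothetical, none is from DigixDAO.
contract CallerCheckExample {
    address public immutable admin;
    mapping(address => bool) public isParticipant; // explicit allowlist
    uint256 public weakCalls;
    uint256 public checkedCalls;

    constructor() {
        admin = msg.sender;
    }

    // Weak: infers "externally owned account" from the caller's code size.
    // EXTCODESIZE is 0 for any address without deployed code at call time,
    // which includes a contract whose constructor is still running, so a
    // zero result does not prove the caller is an EOA.
    modifier onlyEOAWeak() {
        address caller = msg.sender;
        uint256 size;
        assembly {
            size := extcodesize(caller)
        }
        require(size == 0, "contracts not allowed");
        _;
    }

    // Stronger: authorization depends only on state this contract controls,
    // so it holds whether the caller is an EOA or a contract.
    modifier onlyParticipant() {
        require(isParticipant[msg.sender], "not a participant");
        _;
    }

    function setParticipant(address account, bool allowed) external {
        require(msg.sender == admin, "not admin");
        isParticipant[account] = allowed;
    }

    function restrictedWeak() external onlyEOAWeak {
        weakCalls += 1;
    }

    function restricted() external onlyParticipant {
        checkedCalls += 1;
    }
}
```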

As for the roles present in the DAO system, these distinguish mainly between the Digix administrative roles, the initiators of proposals, which are to be voted on by other users, and finally the voters themselves. An overview of the roles and their conditional rights is provided in the introductory section of the audit report.

Finally, ChainSecurity remarks that all vulnerabilities and issues were professionally and swiftly addressed by the Digix team, and we are now following the further development and adoption of the project with interest.

About Digix

Digix is one of the world’s first Smart Asset companies and aims to be the leading brand in tokenizing the world’s tangible assets.

Learn more about DigixDAO at https://digix.global/dgd/

About ChainSecurity

ChainSecurity uses the most advanced tools straight out of the research labs at ETH Zurich, one of the best technical universities, to validate the correctness and uncover vulnerabilities in smart contracts. A thorough expert audit focuses on defining an exact functional specification, proves that it holds using formal verification tools and uncovers security, design and architecture issues in the analyzed code. Crypto projects rely on the detailed public audits by ChainSecurity to ensure top-grade security for their smart contracts and protocols.

Learn more about ChainSecurity at https://chainsecurity.com

ChainSecurity provides security audits and conducts research and development for blockchain platforms.