Rockside Relayer Security: Smart Contract External Audit by Sekoia
At Rockside, we take security very seriously. In our new architecture, users send ETH to a Forwarder contract. Rockside pays the gas to relay their transactions and is reimbursed by that Forwarder contract. The audit allowed us to validate two properties that are essential to us:
- Our users' funds are secure.
- The service is fair by design: Rockside can never be refunded more than the maximum price set by the user for relaying their transaction.
We checked the references of, and interviewed, several security companies before deciding to hire Sekoia to conduct an external audit of our smart contracts. Sekoia is a key player in French cybersecurity: an independent pure player, recognized internationally, with solid expertise in Ethereum smart contract security.
The security report
Overall, the audit found 6 issues of various severities (0 critical, 1 major, 1 significant, 4 minor).
The static and dynamic code analysis of the smart contracts did not reveal any security vulnerabilities.
Below are the two most severe issues found by the audit.
Privilege escalation (major)
Some privileged functions can be called by users through the Rockside service. Normally only the owner of the Proxy contract has control over it, but a vulnerability allows API-key users to obtain owner rights on the proxy.
Rockside Response: We moved the owner logic from the proxy to the implementation, so it is no longer the proxy's responsibility. We also changed the logic of the forwarder: the forwarder itself is no longer an owner. We originally added the forwarder as an owner so that administration tasks, such as changing the implementation of the forwarder, could be done using meta-transactions. Even though we thought the attack surface was limited, because only people holding the Rockside API key would be able to execute transactions through the forwarder, we decided to remove it.
SEKOIA Validation: The response is accepted and the fix is provided in this commit.
Code bad practice (significant)
Storage slots are used without being properly declared, which could have a security impact in future development. In a proxy pattern, the storage slots of 'Proxy.sol' are used in the context of the code of 'Forwarder.sol', so both contracts must have the same storage layout. The storage layout is not explicitly declared and reserved in 'Proxy.sol', so 'Forwarder.sol' blindly uses storage slots that 'Proxy.sol' might later need.
Rockside Response: We understand the risk as described, but we decided to have a generic proxy that can work with any kind of implementation. Moreover, a generic proxy requires less gas to deploy. We follow the proxy pattern as defined by OpenZeppelin, as the Gnosis Safe and Argent contracts do. https://blog.openzeppelin.com/proxy-patterns
The Proxy source file will include the missing declarations as comments, with an explanation, to avoid misunderstandings in future development.
SEKOIA Validation: The response is accepted and the fix is provided by this commit.
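The two findings above each describe a pattern rather than a specific line of code: a forwarder that relays arbitrary calls while also being the proxy owner, and an implementation that shares the proxy's storage without knowing its layout. The following is an added, self-contained Solidity illustration written for this page; it is not Rockside's or Sekoia's code, and the contract names Proxy, Forwarder, Colliding, ProxyStorage, SafeImpl and Demo, the slot numbering and the relayer access check are all assumptions of this example. Rockside's actual fix for the first finding moved the owner logic into the implementation; here the fixed proxy simply gets an owner other than the forwarder, which is enough to show why the original setup failed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical proxy (not Rockside's Proxy.sol): owner and implementation sit
// in ordinary state variables, i.e. storage slots 0 and 1, and nothing tells
// an implementation author that those slots are already taken.
contract Proxy {
    address public owner;          // slot 0
    address public implementation; // slot 1

    constructor(address _owner, address _implementation) {
        owner = _owner;
        implementation = _implementation;
    }

    // Privileged: only the owner may swap the implementation.
    function upgradeTo(address _implementation) external {
        require(msg.sender == owner, "Proxy: not owner");
        implementation = _implementation;
    }

    // Everything else is delegatecalled to the implementation, which then
    // reads and writes *this* contract's storage.
    fallback() external payable {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}

// Hypothetical relayer: anyone allowed to call forward() (the API-key holders
// in the audit's description) can make the Forwarder issue an arbitrary call,
// so the target sees msg.sender == Forwarder.
contract Forwarder {
    address public relayer;
    constructor() { relayer = msg.sender; }

    function forward(address to, bytes calldata data) external {
        require(msg.sender == relayer, "Forwarder: not relayer");
        (bool ok, ) = to.call(data);
        require(ok, "Forwarder: call failed");
    }
}

// Implementation written without knowing the proxy layout: its first variable
// lands in slot 0 and overwrites Proxy.owner when run via delegatecall.
contract Colliding {
    address public beneficiary; // slot 0 == Proxy.owner
    function setBeneficiary(address b) external { beneficiary = b; }
}

// Mitigation for the storage finding: declare and reserve the proxy's layout
// in a base contract every implementation inherits, so its own state starts
// at slot 2. (Rockside chose to document the reserved slots as comments.)
contract ProxyStorage {
    address internal _owner;          // slot 0, reserved for Proxy
    address internal _implementation; // slot 1, reserved for Proxy
}

contract SafeImpl is ProxyStorage {
    address public beneficiary; // slot 2
    function setBeneficiary(address b) external { beneficiary = b; }
}

// Deploy Demo and call demo() (e.g. in Remix or from a Foundry script).
contract Demo {
    function demo() external returns (bool escalated, bool collided, bool ownerFixed, bool layoutFixed) {
        Forwarder fwd = new Forwarder(); // Demo is the relayer
        Colliding evil = new Colliding();

        // Vulnerable setup: the Forwarder is the Proxy owner.
        Proxy p = new Proxy(address(fwd), address(new Colliding()));

        // Privilege escalation: a relayed call to upgradeTo() passes the owner
        // check because the Proxy sees msg.sender == Forwarder == owner.
        fwd.forward(address(p), abi.encodeWithSelector(Proxy.upgradeTo.selector, address(evil)));
        escalated = p.implementation() == address(evil);

        // Storage collision: a plain user call through the proxy rewrites slot 0.
        Colliding(address(p)).setBeneficiary(address(0xdead));
        collided = p.owner() == address(0xdead);

        // Fixed setup: the owner is a separate admin (here Demo) and the
        // implementation reserves the proxy slots.
        Proxy p2 = new Proxy(address(this), address(new SafeImpl()));
        try fwd.forward(address(p2), abi.encodeWithSelector(Proxy.upgradeTo.selector, address(evil))) {
            ownerFixed = false;
        } catch {
            ownerFixed = true; // "Proxy: not owner" bubbled up through the Forwarder
        }
        SafeImpl(address(p2)).setBeneficiary(address(0xbeef));
        layoutFixed = p2.owner() == address(this) && SafeImpl(address(p2)).beneficiary() == address(0xbeef);
    }
}
```

The first two flags report whether the two findings reproduce against the vulnerable setup; the last two report whether the mitigations hold. The point of the escalation half is that `upgradeTo()` itself is correctly guarded; the weakness is that the guard trusts an address whose calls anyone holding the relayer's credentials can steer. The point of the collision half is that `Colliding` compiles and runs without error, since the EVM has no notion of who owns a storage slot; only an explicitly declared and reserved layout (or a pseudo-random slot scheme such as EIP-1967) prevents the overlap.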
Read Sekoia's full Rockside Relayer security audit report below.
Rockside relayer is a non-custodial transaction delivery service. When sending a transaction to Rockside, you provide…
In this new version of Rockside, our priority has been to build a reliable service for live applications on mainnet. All our contracts are open source, tested and constantly reviewed internally. We write a minimum of Solidity code and try to keep it as simple and readable as possible, to guarantee a high level of transparency to our community. Finally, we systematically use standard libraries when possible. With the emergence of DeFi, the financial transactions that go through our service are increasingly critical, and being regularly audited by external teams is natural for us.