Datachain LC Security Smart Contract Audit

Summary

This audit focused on the changes supporting the migration of SGX remote attestation from IAS to DCAP, as Intel is deprecating IAS support. Unlike the previous IAS-based implementation, DCAP attestation is verified through Risc0 zkVM technology, with the resulting ZK proof validated on-chain by the `LCPClientZKDCAP` contract. We found the code to be well-written, and the team has provided sufficient documentation. However, there is still room for improvement in the testing. Overall, we believe the implementation is solid, with most of our findings being minor. We recommend the team address all identified issues and follow the provided suggestions. **Fix Review Update:** The team fixed all issues and implemented most suggestions.

Project

Datachain

Multi-Chain

No active critical issues

Last audited on 2025/04/09

Auditor

287 audits on Trustblock

Multi-Tags

Issues (7)

	Low	Medium	High	Critical	Total
Not fixed	-	-	-	-	0
Fixed	6	1	-	-	7
Total	6	1	0	0	7

This project has no active issues.

Contracts (5)

#	File Name
1	crates/zkvm/risc0/guest/src/bin/main.rs
2	crates/types/src/*/.rs
3	crates/quote-verifier/src/*/.rs
4	lcp-solidity/contracts/*
5	crates/zkvm/risc0/src/*.rs

Datachain LCP-zkDCAP

Summary

Issues (7)

Contracts (5)