Datachain - IBC
Summary
This audit concerns an implementation of the inter-blockchain communication (IBC) protocol in Solidity. The IBC Solidity contracts are designed around the inter-chain standard (ICS) specification documents. The system is primarily comprised of the following components. Light clients maintain state updates for a given chain and can be queried for membership of values at predefined "paths". Connections enable light clients to communicate with each other, and application modules may use these connections for communication via registered channels and ports. Each of these components are initialized through specified handshake protocols, ensuring that there is agreement across different chains. Data is transferred between chains using off-chain relayers. The protocol permits sending arbitrary data across chains and therefore supports a wide number of use cases including cross-chain token transfers. This Solidity implementation could potentially be deployed on any EVM-based chain. A primary focus of this audit was to ensure that the implemented smart contracts adhered to the ICS specification, and most issues below concern deviations from these documents. We also noted one issue related to gas considerations of connected chains, such that if the sending chain has higher gas limits than the receiving chain, malicious packets could potentially be constructed that could not be processed by the receiver. These issues mostly related to missing logic (e.g., incomplete behavior when flushing channels), incomplete updates to data in the provable store, or incomplete data validation. Inline documentation was generally reasonable throughout, and directly copied relevant snippets from the specification directly into the code. However, when design decisions caused the code to misalign with the specification (often intentionally due to EVM limitations), these decisions were not readily documented in the code. Although offline discussions with the Datachain team resolved many of these issues, we recommend adding more inline documentation for these types of design considerations. **Update:** All issues have been either fixed or resolved as of commit `5181e30`.
