eRLC iExec Security Smart Contract Audit

Summary

Executive Summary This report presents the results of our engagement with iExec to review the eRLC code base for KYC-enabled ERC-20 (ERC-677) tokens as well as the integration of these tokens with the iExec PoCo smart contracts. The review was conducted by Shayan Eskandari and Nicholas Ward over the course of 10 person-days between January 4th and January 8th, 2021. Scope Our review focused on the commit hash b16266d4940f9cc695859a47c483485c48fbda66 for eRLC and the KYC additions to the PoCo delegate modules at commit hash 96a39c9d53668896321556d23351a4e79d4d46a8.

Project

iExec

Ethereum

No active critical issues

Last audited on 2020/12/31

Auditor

59 audits on Trustblock

Multi-Tags

Issues (3)

	Low	Medium	High	Critical	Total
Not fixed	3	-	-	-	3
Fixed	-	-	-	-	0
Total	3	0	0	0	3

Contracts (12)

#	File Name
1	Claimable.sol
2	interfaces/IERC677Receiver.sol
3	interfaces/IERC1404.sol
4	ERC677.sol
5	ERC20Softcap.sol
6	interfaces/IERC20KYC.sol
7	ERC20KYC.sol
8	KYC.sol
9	interfaces/IKYC.sol
10	ERLC.sol

eRLC iExec

Summary

Issues (3)

eRLC: Include Transfer(address,address,uint256,bytes) eventnot_fixed/low

eRLC: Require a delay period before granting KYC_ADMIN_ROLEnot_fixed/low

Share status codes between ERC20KYC and IexecERC20CoreKYCnot_fixed/low

Contracts (12)