Datachain - LCPs
Summary
This project focuses on implementing the Light Client Proxy (LCP), which uses Intel SGX, a Trusted Execution Environment (TEE), to perform light client verification within a secure enclave. This setup ensures a safe verification process by generating cryptographic proofs that other chains can trust through Intel’s Remote Attestation mechanism. By using SGX, LCP provides a scalable way for cross-chain communication without needing separate light client implementations for each blockchain pair. The LCP protocol uses a relayer to transfer messages between an upstream chain and a downstream chain. Verification results are provided as signed commitments, which help establish trust between chains. This audit reviewed the LCP node, written in Rust, and the LCP client, implemented as Solidity contracts. The LCP node serves as the main controller of the enclave system by creating an Enclave Key (EK), starting the Enclave Light Client (ELC) process, and signing the ELC results with the EK. The LCP client verifies the LCP node's results by checking the EK signatures to ensure updates are secure and cannot be changed without the enclave’s approval. Please note that the ELC is not included in this specific audit, although other teams are reviewing some of their ELC implementations. The codebase is easy to read and well organized into separate parts. There are documentation websites that clearly explain the main concepts. Both the LCP node and client have tests to verify the code, though there is room to improve overall coverage. After our review, we believe the team has considered many potential attack methods, and we found very few serious issues. We discussed several potential attack factors, and they all seem to be mitigated or resolved by assumptions about the ELC. For more details, please see the "Operational Considerations" section. We also found some minor issues and have suggestions for improvements. We recommend fixing and enhancing all of these to make the system more secure and reliable. **Fix Review Update:** The team has fixed all issues, and also most of the suggestions.
