Rhino.fi is a DeFi platform with cross-chain capabilities that allow users to bridge funds between various blockchains. Rhino.fi’s bridge design is based on collateralized liquidity pools across chains, rather than the common "burn and mint" model. This method ensures quick transfers and easy onboarding of new chains. Security is maintained as Rhino.fi itself collateralizes the funds.

This audit revolves around the Rhino.fi cross-chain bridge developed for the TON blockchain. Specifically, only `bridge_contract.fc` was in scope. Therefore, all off-chain components, such as message passing and message verification from other blockchains, are out of scope for this audit.

During the review, the audit team found high-quality code and a sufficient test suite in the codebase. However, the audit team recommends improving overall documentation and adding end-to-end test cases covering the bridging process from one blockchain to another. One low severity issue describes the potential for lost jettons during deposit due to user error. Additionally, this report includes two informational issues and auditor suggestions to ensure adherence to best practices. The Rhino.fi team was very collaborative throughout the audit.

**Fix Review Update**

All issues in the report have either been fixed or acknowledged with sufficient reasoning, and tests have been updated to test new features. During the fix review, all changes were merged to the public repo mentioned throughout this report. We note here that the initial audit reviewed code on a private repo and we confirm that the merges to the public repo are identical to what we reviewed.

Status | Low | Medium | High | Critical | Total |
---|---|---|---|---|---|
Not fixed | 1 | - | - | - | 1 |
Fixed | 2 | - | - | - | 2 |
Total | 3 | 0 | 0 | 0 | 3 |

# | File Name |
---|---|
1 | contracts/imports/* |
2 | contracts/* |