Bird Bridge - Smart Contract Audit Report
Summary
Bird.Money has built an off-chain Farm, analytics, and lending platform. We previously reviewed the project's token contract here, lending platform here, Oracle here, and Farm here.
For this audit, we analyzed the project's on-chain bridge logic at commit 047b317d47e252149c377b7b6d6fa12452602694 on GitHub.
Notes on the Contract:The Bird team has developed a cross-chain bridge which will allow users to transfer their tokens across the Ethereum and Binance Smart Chain blockchains. The two contracts serve as the on and off ramp for moving tokens from chain to chain. Users can deposit tokens into the contract on the Ethereum blockchain to obtain them on the Binance Smart Chain, and vice versa. transferOwnership() and transferTokenOwnership() in the both contracts could be declared external instead of public to save some execution cost when called. Both contracts declare nonce and feepayer as a global variables; though they are never used. These can be safely removed to save on deployment costs. Cross-chain swaps involve some off-chain logic run by the team. Please note we have not reviewed the off-chain logic related to the bridge. Compiler version 0.8.x is used, preventing any overflow-related issues.
Audit Findings Summary:
- Users must trust the team as they will operate off-chain logic to power the bridge used for cross-chain transfers.
- Date: August 4th, 2021
Combined External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
ETH Bridge
Inheritence Chart
Function Graph
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IToken
- [Ext] mint #
- [Ext] burn #
- [Ext] changeOwnership #
+ BridgeEth
- [Pub] #
- [Pub] transferOwnership #
- [Pub] transferTokenOwnership #
- [Ext] transferToContract #
- [Ext] transferFromContract # BSC Bridge
Inheritence Chart
Function Graph
Functions Overview
($) = payable function
# = non-constant function
Int = Internal
Ext = External
Pub = Public
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IToken
- [Ext] mint #
- [Ext] burn #
- [Ext] changeOwnership #
+ BridgeBsc
- [Pub] #
- [Pub] transferOwnership #
- [Pub] transferTokenOwnership #
- [Ext] burn #
- [Ext] mint #