Runtime Verification audits Ojo’s Node, Price Feeder and Smart Contract
Runtime Verification is pleased to announce the Ojo Node, Price Feeder and Smart Contract audit completion. Ojo is a decentralized security-first oracle network built to support the Cosmos Ecosystem. Ojo will source price data from a diverse catalog of on and off-chain sources and use advanced security mechanisms to guarantee the integrity of the data it provides.
Audit Scope
The majority of our audits focus on reviewing smart contracts. However, in this particular case, we reviewed the smart contracts as well as the infrastructure of the blockchain in which the oracle service would run. The Cosmos blockchains can implement features of the protocol, while a great majority of the necessary code for execution of the blockchain is provided as libraries of Cosmos itself. In this audit we were tasked to review parts in which the logic of the oracle would be implemented into the blockchain.
The scope of the audit is limited to the code contained in the following projects:
-
Ojo node (v. 0.1.2): implements the functionalities related to the operation of the Ojo node and the core of the oracle protocol, handling the consensus on the voting process for electing exchange rates in interactions with validators;
-
Price feeder (v. 0.1.1): implements the necessary tooling for fetching information about the exchange rate of assets, preprocessing the fetched data, including the output of this process into messages and signing for submission as votes for the Ojo node;
-
Contract & Relayer (v. 0.1.1): implements the necessary functionalities for providing the exchange rates obtained in the Ojo node through means of a smart contract, which also includes the mechanics for forwarding exchange rate data to said smart contract.
The audit scope is limited to the smart contracts, written in Rust and the infrastructure, written in Go. Off-chain, auto-generated or client-side portions of the codebase, as well as deployment and upgrade scripts, are not in the scope of this engagement.
Methodology
Runtime Verification conducted a manual code review for a period of 8 weeks and delivered a detailed report on May 1st, 2023.
The audit process included several steps. First, we gained a better understanding of the Ojo code in scope by reviewing the Rust smart contract’s logic. Second, we reanalyzed the Rust smart contract with a focus on lower level implementation details to ensure it functions as intended. Third, we analyzed the price feeder project, using tools like function call graphs, generators, and static analyzers to better visualize the code's business logic and to search for possible issues. Fourth, we reviewed the Ojo node project to ensure that it correctly handles submitted prices. In addition to verifying that the node properly handles submitted prices, we analyzed the project to ensure that the price cannot be manipulated and that the calculations used to derive the exchange rates of assets would not yield incorrect values. Finally, we analyzed the pieces together and considered potential consequences of manipulating each part. It’s worth noting that we audited a blockchain and its interacting elements, not just smart contracts. This type of audit is not common and was done with the input of multiple auditors and specialists in languages and blockchain.
Results
The audit identified and highlighted some issues along with some informative findings. Although a formal review of code fixes was outside the scope of the audit, a best-effort review was conducted on some of the code changes.
Readers interested in a more detailed and technical explanation of the findings can go over the full report in our GitHub repository.
About Ojo
Ojo is a sovereign oracle appchain designed to provide the highest quality data feeds available to the interchain. As the data hub of the Cosmos Ecosystem, Ojo will provide a wide range of custom built data feeds to cater to the individual needs of its consumers. Ojo was created to provide the accessible, reliable, and trustless data feeds needed to support the growing web3 data economy
About Runtime Verification
Runtime Verification is a technology startup based in Champaign-Urbana, Illinois. The company uses formal methods to perform security audits on virtual machines and smart contracts on public blockchains. It also provides software testing, verification services and products to improve the safety, reliability, and correctness of software systems in the blockchain field.