Audited by Asymptotic, audit led by Andrei Stefanescu
The security audit of Aeon's Move smart contracts identified 17 issues across different severity levels, including critical vulnerabilities, implementation flaws, and advisory recommendations. The audit focused exclusively on the Move smart contract code, excluding frontend applications, backend services, and deployment procedures.
We identified a critical privilege escalation vulnerability enabling the takeover of any account without any starting privileges through improper workspace ID validation (Issue #17)
We identified two high-severity issues:
We identified one medium severity issue related to improper inflow/outflow address checks (Issue #4).
We identified and several low-severity issues (#5-11, #13) including: the ability to delete non-empty action groups, public visibility of internal execution functions, unwanted copy and drop abilities for certain structs, transaction cancellation proposal without proper capability checks, and assertions in view functions.
We also made several suggestions for improving code quality and the contract upgrade mechanisms (🔵 #12, 🔵 #14-16).
We formally specified and verified the configuration and MPC state machines, along with proper usage of init/approve caps for state transitions. See the Formal Verification section for details.