The world's first Move smart contract security audit report has been released

Author: MoveBit

On October 11, the MoveBit team, a security company focused on the Move ecosystem, released the world's first Move smart contract security audit report—"Starcoin Framework Audit Report."

This audit report is the first smart contract security audit report in the global Move ecosystem and summarizes the security experiences of building DApp applications based on Move, marking the beginning of the construction of the Move ecosystem's security system.

Introduction to Move Language

Move language was originally developed for Meta's Diem blockchain project and is now maintained by the open-source community. The vision of Move language is to help developers build blockchain applications securely, easily, and quickly. Move is a smart contract programming language born for blockchain.

According to the documentation of Move language from MystenLabs, there are currently 4 public chains using Move language: Aptos, Sui, Starcoin, and 0L Network. Currently, Starcoin and 0L Network have launched their mainnets, while Aptos and Sui are still in the testnet phase.

Starcoin is a Move blockchain that launched its mainnet in June 2021, centered around a PoW consensus mechanism, using enhanced proof of work consensus and Move language. It optimizes the construction of different ecosystems such as DeFi, NFTs, and games through layered and flexible interoperability.

Starcoin Framework is a general Move library on the Starcoin chain, including general standards for accounts, NFTs, tokens, etc., and is an important infrastructure for ecosystem construction. The security of Starcoin Framework is the foundation for the safety of various Move project applications developed on Starcoin.

Important Concepts of Move Smart Contracts

Move Prover: The built-in formal verification tool for smart contracts in Move is called Move Prover. With this tool, you can assert the properties and specifications of the smart contracts you write, providing additional security guarantees for the operation of smart contracts. Its basic idea is to verify whether the program meets a certain specification using an automated theorem prover from the field of formal verification.

Move Specification: Move defines its own specification language, which describes how a program can be considered to run correctly through preconditions, postconditions, invariants, etc. Move Specification can be directly inserted into the program or written as a separate Move Specification file. Move Specification is often abbreviated as Move Spec.

Move Framework: A key design of Move language is the ability to separate blockchain-specific framework logic from the general functionality of Move language. Move Framework is a built-in set of Move modules in the genesis state of the chain. These modules typically implement key components such as accounts and tokens and are generally used to implement the common framework logic of specific blockchains, serving as the foundation for DApp development.

Security Experiences in Building Move DApp Applications

In the past few weeks, MoveBit, a security company focused on the Move security ecosystem, has conducted in-depth communication and collaboration with the Starcoin team, auditing every detail of the Starcoin Framework.

MoveBit thoroughly studied the code structure of Starcoin Framework, which is one of the earliest Move Frameworks launched. The code functionalities, including Account, Token, STC, Config, DAO, NFT, Oracle, Genesis, and Block, comprehensively cover most of the common scenario needs of developers. Based on this, MoveBit summarized the security experiences of building DApp applications based on Move and analyzed the following 14 types of risks.

• Transaction-ordering dependence
• Timestamp dependence
• Integer overflow/underflow
• Number of rounding errors
• Denial of service / logical oversights
• Access control
• Centralization of power
• Logic contradicting the specification
• Code clones, functionality duplication
• Gas usage
• Arbitrary token minting
• Unchecked CALL Return Values
• The flow of capability
• Witness Type

Findings of MoveBit

As the Move standard library of Starcoin, Starcoin Framework contains 69 Move source files and over 70 modules. Prior to this audit work, we read the Starcoin SIP and other development resources in advance. We first reviewed the framework architecture and then primarily conducted manual code reviews, testing, and formal verification using Move Prover.

We maintained close contact with the Starcoin team and discovered a total of 21 issues in version v11 (including 1 Major, 4 Medium, and 16 Minor), which have been compiled into an audit report and made public. During meetings with the Starcoin team, we extensively discussed all issues. Some issues have been fixed in subsequent iterations, while others will be resolved soon. Except for native functions and some functions containing unverifiable special elements (e.g., runtime type information, bitwise operators), we added formal verification code Move Specification for most functions and files. All formal verification code will be submitted as PRs to the code repository and eventually merged by the Starcoin team in future upgrades and revisions.

Audit report link: ++https://www.movebit.xyz/file/Starcoin-Framework-Audit-Report.pdf++

This audit report is the first smart contract security audit report in the global Move ecosystem, marking the beginning of the construction of the Move ecosystem's security system. MoveBit will work alongside the Move community, focusing on ensuring the security of the Move ecosystem.

About Starcoin

Starcoin, which launched its mainnet in May 2021, is the first permissionless public chain in the Move ecosystem. It provides security from the original force based on the most mature decentralized consensus enhanced PoW and the smart contract language Move, offering value-empowering digital asset services in a distributed financial network for people participating in the Web 3.0 ecosystem through layered flexible interoperability.

About MoveBit

MoveBit is a security company serving the Move ecosystem, with the vision of making the Move ecosystem the safest Web3 ecosystem. The MoveBit team consists of leading figures in security from academia and industry, with 10 years of security experience, publishing security research results at top international security academic conferences such as NDSS and CCS. The team is one of the earliest contributors to the Move ecosystem, working with Move developers to establish standards for secure Move applications. MoveBit has collaborated with many well-known exchanges and public chain projects worldwide, providing security audit services to its partners.