KEY TAKEAWAYS
- Zellic completed a 33-week audit of Radix’s code base, identifying only six minor issues, all of which were addressed.
- The audit praised Radix’s badge-based security model for its simplicity and effectiveness in preventing access-control issues.
- Radix’s architecture was noted for its robustness, eliminating common bugs and ensuring strong security guarantees.
Security research firm Zellic has concluded a detailed 33-week audit of the Radix code base, focusing on asset safety, architectural design security, and liveness. The audit findings were overwhelmingly positive, with only six issues identified, none of which were of high or critical impact. All issues, except for one informational notice, were promptly addressed before the audit’s conclusion.
The Zellic team initially approached Radix’s novel security architecture with skepticism. This architecture departs from the common "authorization stems from the caller" pattern, opting instead for a badge-based, unified security model. However, the auditors quickly recognized the flexibility and robustness of the design, ultimately praising its simplicity and straightforwardness. They noted that it avoids many subtle bugs seen in other networks.
Audit Methodology and Findings
Zellic’s audit process, informed by their extensive experience with L1s and L2s, including EVM-based systems and platforms like Aptos, Sui, and Solana, focused on several key areas. These included coding mistakes, architecture risks, arithmetic issues, implementation risks, and availability issues. The audit revealed that Radix performed exceptionally well across these categories, with the audit team consistently impressed by the defense-in-depth security philosophy and strong ownership guarantees.
Most of the issues discovered were related to the fee costing of certain operations, which allowed a knowledgeable attacker to cause the network to spend more time in validation than the transaction’s XRD cost would typically permit. These issues were easily resolved with an updated fee table. Additionally, an issue related to subgroup membership checks in BLS signature aggregation in Scrypto was identified and promptly fixed.
Praise for Radix’s Security and Ownership Systems
Zellic’s auditors highlighted Radix’s native resource model as a standout feature, noting its ability to maintain invariants and eliminate common bugs related to token handling. The badge-based security model was also praised for its simplicity and effectiveness in preventing access-control issues caused by user error. The native Account component was singled out as an example of Radix’s robust access control, ensuring security measures are implemented at the blockchain level.
The audit report emphasized the ease of reasoning about Radix’s single ownership model and strong security guarantees. The auditors noted that entire classes of common bugs were impossible within Radix’s architecture. They cited the example of a flash loan, which is difficult to code safely on other networks but straightforward in Radix, where the intent is clear and security is guaranteed by ownership rules.
The full Zellic audit report can be accessed here.
Why This Matters: Impact, Industry Trends & Expert Insights
Zellic has completed a comprehensive 33-week audit of the Radix code base, finding no high or critical issues and validating Radix’s novel security architecture.
Recent industry reports indicate that the blockchain security audit market is projected to reach USD 15.5 billion by 2033. This growth is driven by increasing adoption across industries and regulatory scrutiny. This aligns with the positive outcomes from Radix’s audit, showcasing the importance of robust security measures in maintaining trust and compliance in blockchain systems.
As per insights from a Coin Bureau review, Radix’s asset-oriented smart contract environment enhances security in DeFi applications. This reinforces the positive audit results from Zellic, highlighting Radix’s commitment to maintaining a secure and reliable blockchain platform.