Security Audits

Botanix Labs has conducted comprehensive security audits of its core infrastructure to ensure the highest level of security for users and the protocol. This section provides detailed information about each audit conducted by leading blockchain security firms.

Overview

Botanix has undergone multiple professional security audits covering the critical components of the Botanix ecosystem. Each audit was conducted by specialized security firms with expertise in blockchain and smart contract security.

Audited Components

  1. Core Logic - Core protocol logic, consensus mechanisms, and system architecture

  2. stBTC Contract - Bitcoin staking functionality and vault management

  3. Minting Contract - Smart contract responsible for minting and burning Bitcoin on Botanix


Core Logic Audit

Audit Overview

Auditor: Sigma Prime
Date: May 2025
Focus: Comprehensive security review of core protocol infrastructure
Type: Time-boxed security assessment

Scope

Primary Repository: https://github.com/botanix-labs/Macbeth
Commit: 3a5bb70 (initial), 3868b40 (fixes assessment)
Languages: Solidity and Rust
Components: Core protocol logic, consensus mechanisms, network protocols

Methodology

Solidity Components

  • Manual Review: Business logic implementation analysis

  • Automated Tools:

    • Mythril: Symbolic execution analysis

    • Slither: Static analysis detection

    • Surya: Code visualization and metrics

    • Aderyn: Advanced vulnerability detection

  • Focus Areas: Reentrancy, front-running, integer overflow, visibility specifiers

Rust Components

  • Manual Review: Business logic and language-specific vulnerability analysis

  • Automated Tools:

    • Clippy: Linting and best practices

    • Cargo Audit: Dependency vulnerability scanning

    • Cargo Outdated: Dependency freshness analysis

    • Cargo Geiger: Unsafe code detection

    • Cargo Tarpaulin: Code coverage analysis

  • Focus Areas: Memory safety, panic scenarios, error handling, concurrency issues

Findings Summary

Total Findings: 34 issues identified

Severity         Count   Status Distribution
Critical         10      All Resolved
High             10      All Resolved
Medium           3       All Resolved
Low              5       4 Resolved, 1 Closed
Informational    6       1 Resolved, 5 Closed


stBTC Contract Audit

Audit Overview

Auditor: Sigma Prime & Spearbit
Date: May 2025
Focus: Bitcoin staking contract security analysis
Repository: ControlCplusControlV/stBTC
Commit: 3d22855

Scope

The stBTC audit focused on the Bitcoin staking infrastructure, examining:

  • ERC4626 Vault Implementation: Standard compliance and security

  • Staking Mechanisms: Token deposit and withdrawal security

  • Reward Distribution: Fair and secure reward calculation

  • Inflation Attack Prevention: Protection against vault manipulation

Methodology

  • Standard Compliance: Verification of ERC4626 implementation

  • Economic Security: Analysis of tokenomics and incentive structures

  • Attack Vector Analysis: Focus on known vault vulnerabilities

  • Integration Testing: Compatibility with Botanix ecosystem

Risk Assessment

Overall Security Posture

  • Implementation Quality: High-quality implementation based on industry standards

  • Attack Resistance: Strong resistance to common vault attacks

  • Economic Security: Sound tokenomics with low exploitation risk

Identified Risks

  • Theoretical Inflation Attacks: Very low probability, high complexity scenarios

  • Economic Conditions: Dependency on specific market and timing conditions

  • Multi-victim Scenarios: Requires coordination of multiple factors

Risk Mitigation

  • Design Choices: Intentional risk acceptance based on low probability

  • Monitoring: Potential for enhanced monitoring systems

  • Community Oversight: Transparent operation and community validation
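The inflation scenario the stBTC audit names, as an added example that is not part of this page or the stBTC code: a Python model of ERC-4626 share accounting with the virtual-share "decimals offset" that OpenZeppelin's ERC4626 uses (an assumption about the mitigation; the page does not say which one stBTC applies), so a reviewer can quantify how much a later depositor could lose at a given offset and confirm that the front-runner does not profit.

```python
# Added example, not stBTC/Botanix project code: a toy model of ERC-4626 share
# accounting, used to check how a vault's "decimals offset" (virtual shares, the
# mitigation OpenZeppelin's ERC4626 applies) changes the outcome of the
# first-depositor inflation scenario the stBTC audit lists. All amounts are
# constructed; ONE plays the role of one whole token in 18-decimal units.
from dataclasses import dataclass

ONE = 10**18


@dataclass
class Vault:
    """Share/asset conversion with OpenZeppelin-style virtual shares and assets."""
    decimals_offset: int = 0
    total_assets: int = 0
    total_shares: int = 0

    def to_shares(self, assets: int) -> int:
        # assets * (totalSupply + 10**offset) / (totalAssets + 1), rounded down
        return assets * (self.total_shares + 10**self.decimals_offset) // (self.total_assets + 1)

    def to_assets(self, shares: int) -> int:
        # shares * (totalAssets + 1) / (totalSupply + 10**offset), rounded down
        return shares * (self.total_assets + 1) // (self.total_shares + 10**self.decimals_offset)

    def deposit(self, assets: int) -> int:
        shares = self.to_shares(assets)
        self.total_assets += assets
        self.total_shares += shares
        return shares

    def donate(self, assets: int) -> None:
        # Underlying sent straight to the vault, bypassing deposit(): no shares minted.
        self.total_assets += assets


def simulate(decimals_offset: int, seed: int = 1, donation: int = 10_000 * ONE,
             victim_deposit: int = 10_000 * ONE) -> dict:
    """Front-runner seeds the empty vault and donates to inflate the share price,
    then an honest depositor arrives. Returns each party's net outcome."""
    v = Vault(decimals_offset)
    attacker_shares = v.deposit(seed)
    v.donate(donation)
    victim_shares = v.deposit(victim_deposit)
    return {
        "victim_shares": victim_shares,
        "victim_loss": victim_deposit - v.to_assets(victim_shares),
        "attacker_net": v.to_assets(attacker_shares) - (seed + donation),
    }
```

With offset 0 the honest depositor is rounded down to a single share and forfeits roughly a third of the deposit, while the front-runner also ends up out of pocket; with offset 6 the depositor's loss shrinks to a negligible fraction, which is the kind of residual, low-probability risk the audit summary describes.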


Minting Contract Audit

Audit Overview

Auditor: Hacken
Date: November 6, 2024
Focus: Smart Contract Code Review and Security Analysis
Methodology: Comprehensive analysis following Hacken's established smart contract methodology

Scope

The audit focused on the Minting contract, a crucial component of Botanix's Layer 2 solution for Bitcoin that leverages the EVM as a foundational superstructure.

Repository: https://github.com/botanix-labs/Macbeth
Commit: bac1da04873b378d9a195e897fb92c75412a5f72
Platform: Botanix EVM
Language: Solidity

Methodology

The security assessment covered:

  • Manual code review focusing on business logic implementation

  • Internal contract interactions verification

  • Known Solidity anti-patterns and attack vectors identification

  • Automated testing using industry-standard tools:

    • Mythril

    • Slither

    • Surya

    • Aderyn

Key Areas Examined

  • Access Control: Function-level permission verification

  • Input Validation: Parameter sanitization and bounds checking

  • Reentrancy Protection: Guards against recursive call attacks

  • Integer Operations: Overflow/underflow prevention

  • Gas Optimization: Efficient resource usage analysis


Conclusion

The comprehensive audit process has significantly strengthened Botanix's security posture across all major components. With all critical vulnerabilities resolved and robust security measures implemented, Botanix provides a secure foundation for Bitcoin Layer 2 operations.

Each audit contributed essential security improvements:

  • Minting Contract: Secured core bridging functionality

  • Macbeth Repository: Hardened protocol infrastructure and consensus mechanisms

  • stBTC Contract: Validated staking security and economic models
