🛡️Security audits

CrossCurve Consensus Bridge CDP Security Audit Report by MixBytes

CrossCurve CDP (Cross-Chain Data Protocol) is a messaging protocol designed for cross-chain data transfers, utilizing multiple projects like LayerZero, Axelar Bridge and CrossCurve Bridge. This security audit covers the latest updates to the protocol logic, including the integration of Router Protocol as an additional cross-chain messaging layer.

The audit was conducted over 2 days by 3 auditors, involving an in-depth manual code review and automated analysis within the scope.

During the audit, in addition to verifying standard attack vectors and our internal checklist, we conducted an in-depth review of the following areas:

  • Cross-Chain Message Replay Protection.

  • Cross-Chain Data Decoding Consistency.

  • Treasury Fund Protection.

  • Bridge State Enforcement.

  • Threshold-Based Message Validation.

  • Threshold and Validation Enforcement.

  • Multi-Bridge Priority System.

  • State Consistency.

  • Request ID Uniqueness.

  • Correctness of the integration with Router.

  • Verification of the fee compensation module.

Eywa CDP Security Audit Report.pdf

🔗 Link to MixBytes EYWA reports.

CrossCurve DAO Security Audit Report by MixBytes

1. Project architecture review:

  • Build an independent view of the project's architecture.

  • Identifying logical flaws.

2. Checking the code in accordance with the vulnerabilities checklist:

Eliminate typical vulnerabilities (e.g. reentrancy, gas limit, flash loan attacks etc.).

3. Checking the code for compliance with the desired security model:

Detect inconsistencies with the desired model.

4. Consolidation of the auditors' interim reports into one:

  • Double-check all the found issues to make sure they are relevant and the determined threat level is correct.

  • Provide the Client with an interim report.

5. Bug fixing & re-audit:

  • Verify the fixed code version with all the recommendations and its statuses.

  • Provide the Client with a re-audited report.

6. Final code verification and issuance of a public audit report:

  • Conduct the final check of the code deployed on the mainnet.

  • Provide the Customer with a public audit report.

Eywa DAO Security Audit Report.pdf 🔗 Link to MixBytes EYWA reports.

CrossCurve CLP security audit by MixBytes

A group of auditors are involved in the work on the audit. Security engineers check the provided source code independently of each other in accordance with the methodology described below:

1. Project architecture review:

  • Build an independent view of the project's architecture.

  • Identifying logical flaws.

2. Checking the code in accordance with the vulnerabilities checklist: Eliminate typical vulnerabilities (e.g. reentrancy, gas limit, flash loan attacks etc.).

3. Checking the code for compliance with the desired security model:

Detect inconsistencies with the desired model.

4. Consolidation of the auditors' interim reports into one:

  • Double-check all the found issues to make sure they are relevant and the determined threat level is correct.

  • Provide the Client with an interim report.

5. Bug fixing & re-audit:

  • Verify the fixed code version with all the recommendations and its statuses.

  • Provide the Client with a re-audited report.

6. Final code verification and issuance of a public audit report:

  • Conduct the final check of the code deployed on the mainnet.

  • Provide the Customer with a public audit report.

Eywa CLP Security Audit Report.pdf

🔗 Link to MixBytes EYWA reports.

CrossCurve CDP security audit by Smartstate

The core architectural element of the CrossCurve ecosystem is the CrossCurve Cross-chain Data Protocol, which is a transport layer between blockchains. All CrossCurve products for DeFi users are based on this protocol.

Although at the time of this audit the core of CrossCurve multisig is represented by a trusted group of projects, CrossCurve aims for DAO, as reflected in CrossCurve project current documentation.

CDP Smart Contracts: These smart contracts serve as a means for sending and accepting cross-chain calls. They also include a node registration contract used in the Proof of Authority (POA) consensus among oracle nodes.

Smart State evaluation: 8/10

EYWA_CDP_SС_report.pdf CDP report from SmartState

CrossCurve CLP security audit by Smartstate

CrossCurve Cross-chain Liquidity Protocol ensures the operation of EYWA DEX v1

CLP smart contracts - are smart contracts for processing synth and burn operations, as well as mint and lock tokens. They are also responsible for swap processing and liquidity handling operations.

Smart State evaluation: 10/10

10MB
EYWA_CLP_SС_report.pdf
PDF
Open
CLP report from SmartState Jun 05 2023
1MB
CrossCurve_Metalayer_CLP_smart_contract_audit_report_Ver_1_2_August.pdf
PDF
Open
CLP Smart contract audit report from SmartState Aug 29 2025

🔗 Link to SmartState CrossCurve reports.

Security audits by Hexens

The Hexens team audited various components of CrossCurve, such as the BLS cryptography module in CrossCurve CDP as well as EYWA NFT.

PreviousTechnical Documentation for CrossCurve APINextTeam

Last updated