Public Report

Finalized public report

Soroban Environment Audit

Soroban Smart Contract Platform (Stellar)

December 20, 2024 | Rust | Infrastructure

Critical / High: 0 (Highest severity)
Medium: 1 (Moderate risk)
Low / Informative: 0 (Lower severity)
Report files: 1 (Downloadable assets)

Audit lifecycle

Public reports represent completed engagements with finalized deliverables.

Status: Completed

1. Scheduled (Completed): Scope, timeline, and review plan were agreed.
2. In Progress (Completed): Manual review and verification work were carried out.

Current stage: Completed. The engagement wrapped with a published final report.

Executive Summary


The Stellar Development Foundation (SDF) engaged Runtime Verification Inc. to conduct a security audit of the Soroban smart contract platform. The objective was to review the logic and implementation of critical components and identify any issues that could cause erroneous or undefined behavior, potentially leading to exploitation or malicious interaction with the Stellar network.
The audit was conducted over a period of approximately 10 calendar weeks, concluding on December 23, 2024. It focused on analyzing the following accepted Core Advancement Proposals (CAPs): CAP-0051, CAP-0053, CAP-0054, CAP-0055, CAP-0056, CAP-0058, CAP-0059, and CAP-0060.
Given the extensive and complex nature of Soroban's codebase, a comprehensive approach was adopted to ensure the highest guarantees within the allocated timeframe. The audit encompassed two primary areas: a thorough code review of the specified CAPs, prioritized by their criticality, and dedicated fuzz testing using a variety of tools and configurations. The Soroban codebase is well-structured, adhering to best practices and containing informative documentation that clarifies complex invariants.

Reports


Stellar_Soroban_Environment_Audit.pdf
