Soroban Environment Audit
Soroban Smart Contract Platform (Stellar)
Audit lifecycle
Public reports represent completed engagements with finalized deliverables.
Scheduled (completed): Scope, timeline, and review plan were agreed.
In Progress (completed): Manual review and verification work were carried out.
Completed (current stage): The engagement wrapped with a published final report.
Executive Summary
High-level assessment and conclusions
A concise overview of the audit scope, core findings, and the key outcomes from the engagement.
The Stellar Development Foundation (SDF) engaged Runtime Verification Inc. to conduct a security audit of the Soroban smart contract platform. The objective was to review the logic and implementation of critical components and identify any issues that could cause erroneous or undefined behavior, potentially leading to exploitation or malicious interaction with the Stellar network.
The audit was conducted over a period of approximately 10 calendar weeks, concluding on December 23, 2024. It focused on analyzing the following accepted Core Advancement Proposals (CAPs): CAP-0051, CAP-0053, CAP-0054, CAP-0055, CAP-0056, CAP-0058, CAP-0059, and CAP-0060.
Given the extensive and complex nature of Soroban's codebase, a comprehensive approach was adopted to ensure the highest guarantees within the allocated timeframe. The audit encompassed two primary areas: a thorough code review of the specified CAPs, prioritized by their criticality, and dedicated fuzz testing using a variety of tools and configurations. The Soroban codebase is well-structured, adhering to best practices and containing informative documentation that clarifies complex invariants.
Reports
Download the audit artifacts
Access the published PDF deliverables associated with this engagement.
Stellar_Soroban_Environment_Audit.pdf
Download the published report for this engagement.