We are also excited to share that Cyfrin has completed another audit on the NTT framework. This audit was performed over the diff from their previous NTT audit and the v1.1.0+evm release, which was used for this deployment. You can view both audits here:
- Most recent audit of the diff: wormhole-audits/2024-07-23-cyfrin-wormhole-evm-ntt-diff-v1.1.0.pdf at main · wormhole-foundation/wormhole-audits · GitHub
- Original NTT audits:
We are also re-sharing the other audits which were performed by Cyfrin on the WstEthL2Token and the Axelar Transceiver:
- Axelar Transceiver: https://github.com/wormhole-foundation/example-wormhole-axelar-wsteth/blob/main/au[…]4-07-01-cyfrin-wormhole-axelar-wsteth-axelar-transceiver-v2.pdf
- WstEthL2Token: https://github.com/wormhole-foundation/example-wormhole-axelar-wsteth/blob/main/au[…]4-06-10-cyfrin-audit-2024-06-wormhole-axelar-wsteth-l2token.pdf
*We’d like to note that the two findings in the original NTT Cantina audit were acknowledged and fixed. The first Cantina finding (3.1.1) was fixed by PR evm: Fix quoting with transceiver instructions by djb15 · Pull Request #360 · wormhole-foundation/example-native-token-transfers · GitHub. This was the same as finding 7.1.2 in the original/first Cyfrin report and was reviewed by Cyfrin before merging. The second Cantina finding (3.1.2) was fixed and audited by Wormhole Contributors and Asymmetric Research, as well as by Cyfrin in their latest audit: evm: Check forks on all entrypoints by djb15 · Pull Request #378 · wormhole-foundation/example-native-token-transfers · GitHub.