ICONSafe - Smart Contract Audit Request

1000×322 27.5 KB

Hello ICON Foundation,

For the last 6 months, we’ve been developing ICONSafe, a fully fledged multisig wallet developed by ICONation.

Introduction

ICONSafe is a multisig wallet with an advanced user management and built-in features for dApps running on ICON. It is mostly useful for teams willing to share mutual funds without having to risk sharing a same private key between members.

ICONSafe is able to send and receive any type of transactions or contract calls. It is also able to track any ICX and IRC2 tokens balance over time. All outgoing transactions require confirmations from the wallet owners based on a vote before being executed.

An outgoing transaction may contain multiple sub-transactions which are executed at the same time, so it is possible to create complex operations suiting for all type of situations.

The ICONSafe project is a smart contract that any developer may deploy and integrate in another smart contract project. Please note that for pratical use, we also developed a GUI heavily based on Gnosis Safe GUI in order to communicate with the ICONSafe contract.

Features

Multisig wallet basic features

• Transaction execution based on wallet owners approval

981×585 33.9 KB

1185×492 34.1 KB

Transaction management

• Add new transaction
• Approve/reject/revoke vote for pending transaction
• Delete unconfirmed transaction
• List pending and executed transactions history
• Multiple sub-transactions are executable in a single transaction

1202×583 54.8 KB

Users management

• List current multisig wallet owners

1273×580 31 KB

• Add/remove/rename owners

822×627 38.8 KB

• Change the required confirmations value

529×561 16.9 KB

Balance tracking

• Token balance tracking on-chain (ICX and IRC2)

918×874 43.6 KB

• Add any new IRC2 token to the balance tracker

541×569 30.9 KB

Transaction builder

• ICX Transfer GUI

1607×717 66.6 KB

• ICX Staking GUI

1579×1089 86.4 KB

• IRC2 Transfer GUI

1694×822 70.5 KB

• Generic contract call GUI (call any contract on MainNet)

1710×1104 70.1 KB

Audit Information

ICONSafe source code is split into 7 contracts, but only 2 of them are critical as they’re responsible of token transfers and wallet management.
We’re willing to conduct the audit of these 2 contracts with SlowMist.

Here are the source code of the contracts:

• TransactionManager (responsible of executing the multi-signed transactions)
  https://github.com/iconation/ICONSafe-SCORE/tree/afc628e7521475312859bacedc74dff1e1ec5ec2/contracts/transaction_manager

• WalletOwnersManager (responsible of managing the owners of the multisig wallet)
  https://github.com/iconation/ICONSafe-SCORE/tree/afc628e7521475312859bacedc74dff1e1ec5ec2/contracts/wallet_owners_manager

SlowMist answered positively and are willing to conduct the audit and sent us a quote.

Required information

• Link to your website : https://iconsafe.net (you may want to see our safe deployed at cx52e9fcc958cf0b63f969cdf2ef5a816f89c3b949 for testing purposes)

• Link to your white paper : N/A

• Link to your github :

  • SCORE : https://github.com/iconation/ICONSafe-SCORE
  • GUI : https://github.com/iconsafe/iconsafe.github.io

• Audit firm of choice : SlowMist (https://slowmist.com)

• Audit contract + estimate : 10350 USDT ; link of the quote from SlowMist

• Contact information for your team : iconation.team@gmail.com and/or t.me/Spl3en

Hey @Spl3en thank you for your application. I’d be happy to discuss next steps to cover your security audit. Please DM me on telegram to coordinate

Hi @Spl3en thank you for your application and dedication to building secure products for the ICON Ecosystem. Your grant request has been approved. We will coordinate over DM on telegram

Thanks to the ICON Foundation for the approval of this grant, we’re really glad to provide the best tools for the ICONists.