f3d2961b97
Some checks failed
CI/CD Pipeline / Lint and Format (push) Failing after 46s
CI/CD Pipeline / Terraform Validation (push) Failing after 35s
CI/CD Pipeline / Kubernetes Validation (push) Successful in 37s
Deploy ChainID 138 / Deploy ChainID 138 (push) Failing after 1m50s
HYBX OMNL TypeScript & anchor / token-aggregation build + reconcile artifact (push) Failing after 2m19s
Validation / validate-genesis (push) Successful in 51s
Validation / validate-terraform (push) Failing after 39s
Validation / validate-kubernetes (push) Failing after 10s
CI/CD Pipeline / Solidity Contracts (push) Failing after 12m56s
Validation / validate-smart-contracts (push) Failing after 12s
CI/CD Pipeline / Security Scanning (push) Failing after 15m52s
Validation / validate-security (push) Failing after 10m59s
Validation / validate-documentation (push) Failing after 17s
Validate Token List / validate (push) Failing after 30s
OMNL reconcile anchor / Run omnl:reconcile and upload artifacts (push) Failing after 26s
Verify Deployment / Verify Deployment (push) Failing after 56s
1.6 KiB
1.6 KiB
HYBX OMNL — external audit checklist
Use this with a third-party firm before high-value production. Scope aligns with SECURITY_THREAT_MODEL.md.
Solidity (in scope)
PolicyMath.sol— rounding, overflow, parameter bounds vs documented policy.InstrumentRegistry.sol— role changes, line lifecycle, token registration assumptions.ReserveCommitmentStore.sol—commitReserve/commitReserveAttested, ECDSA digest, replay, threshold logic.ComplianceCore.sol—getCompliancesemantics vsPolicyMath, stale attestation,reportingCompliant.OMNLCircuitBreaker.sol— pause semantics, admin roles.OMNLMirrorReceiver.sol— CCIP payload decoding, selector allowlist, monotonic version.OMNLMirrorCoordinator.sol— native vs ERC-20 fee path,approve/SafeERC20, reentrancy surface (minimal).
Operational evidence to provide auditors
- Deployed addresses per chain (138 / 651940) and verification on block explorers.
- Key ceremony summary (HSM / multisig); no plaintext prod keys in CI.
- CCIP lane configuration (router, selectors, fee token).
- Sample
ReserveCommittedand mirror receive transactions on testnet/staging.
Off-chain (optional scope)
- Token-aggregation OMNL routes — rate limits,
OMNL_API_KEYusage, webhook HMAC verification at receivers. - IPSAS registry / journal matrix change control (who can commit, how hash is anchored).
Sign-off
| Finding | Severity | Remediation | Retest date |
|---|---|---|---|