Lombard Finance's Liquid Bitcoin protocol is made available to users on Solana in the form of an SPL token (LBTC).
Lombard Finance engaged Ackee Blockchain Security to perform a security review with a total time donation of 12 engineering days between March 3 and March 18, 2025.
A revision review of the fixes to the findings of the first revision was then performed.
Lombard Finance engaged Ackee Blockchain Security again to conduct another security review of the Liquid Bitcoin protocol with a total time donation of 3 engineering days between March 25 and March 28, 2025.
A second revision review was then performed on the fixes of revision 2.0, with the scope extension described below.
Methodology
We began the review by getting familiar with the codebase and the scope of the business logic. A considerable amount of time was spent reading the documentation and studying the wider protocol context (for example, Babylon Bitcoin staking).
After this initial study, a manual review of the codebase was conducted. The manual review consists of several stages; the first stage is usually focused on understanding the codebase:
- the components of the Solana program;
- all instructions the program accepts;
- the architecture and structure of the codebase; and
- all data the program stores on-chain.
With this initial understanding established, we moved on to the second stage, a line-by-line review of the code. This consists of an in-depth analysis looking for potential issues, bugs, and security vulnerabilities.
During the manual review, we paid special attention to:
- ensuring the project is correctly initialized and configured;
- checking that minting of LBTC is handled securely;
- checking that the verification process cannot be bypassed;
- ensuring the protocol works as intended and as documented;
- checking that there is no mechanism that could be abused against users; and
- looking for common issues that may occur in the codebase.
While reviewing the Bascule program, we tested that the protocol works as intended with proof-of-concept tests. The review continued with a deeper understanding of the program, during which we ensured that:
- the program is used correctly during the cross-program invocation (CPI) from the LBTC program;
- only designated reporters can submit new deposits;
- only designated validators can validate these deposits;
- all potential scenarios are handled correctly (e.g., scenarios below the validation threshold); and
- all mint requests are verified and cannot be bypassed.
Scope
The first audit was performed on commit 9171ae4
with the following scope:
- Lombard Finance Solana contract, excluding external dependencies.
Revision 1.1 was performed on commit ca1ccb2
and focused on the fixes to the findings of the first audit.
Revision 2.0 was performed on commit c96dc36
with the following scope:
- Lombard Finance Solana contract, excluding external dependencies;
- Bascule program, excluding external dependencies.
Revision 2.1 was then performed on commit 9001c77
and focused on the fixes provided for revision 2.0. Additions to the source code (e.g., change_mint_auth
) were not reviewed, as they were not in scope for revision 2.0.
Security findings are classified on two scales: Impact and Likelihood. This two-dimensional classification helps to clarify the severity of individual issues. An issue assessed as medium impact whose likelihood is low (for example, one that can only be triggered by the team) generally has its severity lowered, according to that likelihood, to a Warning or Informational rating.
Our review resulted in 22 findings, ranging from Informational to High severity. The issues were fixed or acknowledged by the client. For an overview, read the full report linked below.
Critical severity
There were no critical severity issues.
High severity
H1: Unauthorized LBTC minting possible
Medium severity
M1: Improper fee handling
M2: Initialization can be front-run
M3: Redemption does not allow assets to be refunded
M4: Minters are a security risk
M5: Cross-program invocation cannot be executed due to the config account
M6: Cross-program invocation cannot be executed due to immutable accounts
Low severity
L1: Uniqueness of role-based access control is not guaranteed
Warning severity
W1: Config authority cannot be transferred
W2: Treasury can make the protocol inoperable
W3: Weighted validator signature verification
W4: Calling a deprecated cross-program invocation
W5: Field may be uninitialized
W6: UnstakeRequest does not account for fees
W7: Potential panic caused by arithmetic overflow
W8: Unexpected behavior at vector bounds
W9: Unfinished code can cause undesired behavior
W10: Initialization front-running
W11: BasculeData authority cannot be transferred
Informational severity
I1: Inaccurate comments
I2: Code quality can be improved
I3: Unnecessary storage of the Bascule program in the config account
Trust model
The protocol implements Role-Based Access Control (RBAC) with multiple privileged roles and message verification processes; however, users must trust:
- the config admin to set appropriate operational fees;
- the config admin to assign minters with security in mind, since minters can put new tokens into circulation on the Solana blockchain;
- the protocol to maintain proper validation, since the minimum off-chain validator threshold is set to 1; and
- the protocol to initialize the LBTC token correctly, meaning that the freeze_authority and Token-2022 extensions are not misused.
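The last trust assumption can be checked by anyone who can fetch the raw data of the LBTC mint account. The decoder below is an added example written for this summary, not code from Lombard Finance or Ackee Blockchain Security: it parses the legacy SPL Token mint layout (82 bytes) and, for Token-2022 mints, the TLV extension region that follows the account-type byte, and it lists the freeze authority and the extensions a token holder is implicitly trusting. The layout and the extension discriminant table follow the spl-token and spl-token-2022 crates as the author knows them and should be checked against the crate version in use; the keys and accounts used here are constructed, not the real LBTC mint.

```python
"""Offline decoder for an SPL Token / Token-2022 mint account.

Added example (not Lombard Finance or Ackee code): reports the mint and freeze
authorities and the Token-2022 extensions present in a mint account, so a holder
can verify what they are trusting.  Sample accounts are constructed in-file.
"""
import struct
from typing import Optional

MINT_LEN = 82                # size of a legacy spl-token Mint account
ACCOUNT_TYPE_OFFSET = 165    # Token-2022 pads mint data to 165 bytes, then one AccountType byte
ACCOUNT_TYPE_MINT = 1        # spl_token_2022::extension::AccountType::Mint

# ExtensionType discriminants (u16) as defined in the spl-token-2022 crate; verify
# against the crate version you depend on, since new variants are appended over time.
EXTENSION_NAMES = {
    1: "TransferFeeConfig",
    3: "MintCloseAuthority",
    4: "ConfidentialTransferMint",
    6: "DefaultAccountState",
    9: "NonTransferable",
    10: "InterestBearingConfig",
    12: "PermanentDelegate",
    14: "TransferHook",
    18: "MetadataPointer",
    19: "TokenMetadata",
}
# Mint-level extensions that let a third party move, freeze, tax or block every
# holder's balance; for a bridged asset each one is an extra trust assumption.
HOLDER_AFFECTING = {"TransferFeeConfig", "MintCloseAuthority", "DefaultAccountState",
                    "NonTransferable", "PermanentDelegate", "TransferHook"}


def _coption_pubkey(data: bytes, offset: int) -> Optional[str]:
    """Decode a COption<Pubkey>: u32 LE tag (0 = None, 1 = Some) followed by 32 key bytes."""
    tag = struct.unpack_from("<I", data, offset)[0]
    if tag == 0:
        return None
    if tag != 1:
        raise ValueError(f"invalid COption tag {tag} at offset {offset}")
    return data[offset + 4:offset + 36].hex()


def decode_mint(data: bytes) -> dict:
    """Parse the base Mint struct and, for Token-2022 accounts, its TLV extension list."""
    if len(data) < MINT_LEN:
        raise ValueError(f"account too small to be a mint ({len(data)} bytes)")
    info = {
        "mint_authority": _coption_pubkey(data, 0),
        "supply": struct.unpack_from("<Q", data, 36)[0],
        "decimals": data[44],
        "is_initialized": data[45] == 1,
        "freeze_authority": _coption_pubkey(data, 46),
        "extensions": [],
    }
    if len(data) > ACCOUNT_TYPE_OFFSET:
        if data[ACCOUNT_TYPE_OFFSET] != ACCOUNT_TYPE_MINT:
            raise ValueError("account type byte does not mark a Token-2022 mint")
        pos = ACCOUNT_TYPE_OFFSET + 1
        while pos + 4 <= len(data):
            ext_type, ext_len = struct.unpack_from("<HH", data, pos)
            if ext_type == 0:            # Uninitialized: end of the TLV region
                break
            if pos + 4 + ext_len > len(data):
                raise ValueError("truncated extension entry")
            info["extensions"].append(EXTENSION_NAMES.get(ext_type, f"Unknown({ext_type})"))
            pos += 4 + ext_len
    return info


def trust_warnings(info: dict) -> list:
    """List the trust assumptions a holder of this token is implicitly accepting."""
    warnings = []
    if info["freeze_authority"] is not None:
        warnings.append(f"freeze_authority {info['freeze_authority'][:8]}... can freeze any token account")
    if info["mint_authority"] is not None:
        warnings.append(f"mint_authority {info['mint_authority'][:8]}... controls supply; check who holds it")
    for ext in info["extensions"]:
        if ext in HOLDER_AFFECTING:
            warnings.append(f"Token-2022 extension {ext} affects every holder")
        elif ext.startswith("Unknown"):
            warnings.append(f"unrecognised extension {ext}: inspect before trusting")
    return warnings


def build_mint(mint_authority: Optional[bytes], freeze_authority: Optional[bytes],
               decimals: int, extensions=()) -> bytes:
    """Construct a mint account for testing; extensions is a list of (type, value_bytes)."""
    def coption(pk):
        return struct.pack("<I", 1) + pk if pk is not None else bytes(36)
    data = coption(mint_authority) + struct.pack("<Q", 0) + bytes([decimals, 1]) + coption(freeze_authority)
    if extensions:
        data += bytes(ACCOUNT_TYPE_OFFSET - MINT_LEN) + bytes([ACCOUNT_TYPE_MINT])
        for ext_type, value in extensions:
            data += struct.pack("<HH", ext_type, len(value)) + value
    return data


# Constructed sample accounts with hypothetical keys (not the real LBTC mint).
LEGACY_MINT = build_mint(b"\x01" * 32, b"\x02" * 32, 8)
T22_MINT = build_mint(b"\x01" * 32, None, 8,
                      [(6, b"\x02"),          # DefaultAccountState = Frozen
                       (12, b"\x03" * 32)])   # PermanentDelegate

if __name__ == "__main__":
    for name, raw in (("legacy", LEGACY_MINT), ("token-2022", T22_MINT)):
        info = decode_mint(raw)
        print(name, "freeze_authority:", info["freeze_authority"], "extensions:", info["extensions"])
        for warning in trust_warnings(info):
            print("  !", warning)
```

To check a live mint, pass the base64-decoded account data returned by getAccountInfo for the LBTC mint address; a mint owned by the legacy Token program has no extension region, so only the two authorities need to be examined.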
Conclusion
Ackee Blockchain Security recommends that Lombard Finance address all the reported issues.
The full Ackee Blockchain Security audit report of Lombard Finance Liquid Bitcoin can be found here.
We were pleased to be trusted by Lombard Finance and look forward to working with them again.