XCMv2 Audit Completed by Quarkslab
XCM (Cross-Consensus Messaging format) provides a fundamental utility for the Polkadot technology stack. It enables seamless communication between blockchains as well as pallets (Substrate runtime modules) and smart contracts (including over bridges and sharded enclaves like Polkadot’s SPREE), fulfilling Polkadot’s foundational objective to be a fully-functioning, interoperable multichain ecosystem. Crucially, XCM is consensus agnostic, meaning it can be used to communicate between blockchains with differing consensus systems, and conceivably even between disparate ecosystems such as Polkadot and Ethereum.
Having a common messaging format broadens the scope of projects in the Polkadot and Substrate ecosystem, allowing cross-chain communication, a defining functionality for connecting chains and dapps not necessarily working under the same technology or consensus rules, providing a solid foundation for the future of Web3.
For background on XCM, see the recent series of blogs (Part I, Part II, Part III) by Polkadot founder Dr. Gavin Wood examining the importance and functionality of the format.
Auditing XCMv2
XCMv2, deployed first on Kusama, Polkadot’s canary network, has now been audited for a second time and is ready for production release. Because of the scope of cross-consensus messaging for the Polkadot network, it is crucial that every iteration of XCM undergoes independent review from external security organizations.
Quarkslab has completed a comprehensive second audit (a previous audit was already completed by another security firm) of XCMv2, an overview of which can be found here. The goal of this audit was to discover any potential cross-chain security or fairness issues, including logical bugs, denial-of-service, and incorrect lock/unlock or burn/mint on both chains.
The findings
Two security engineers from Quarkslab carried out the audit over a span of 50 man-days. They did not uncover any important security issues within XCMv2. Additionally, the scope of the audit included an examination of the underlying security of multiple XCM components. This makes the audit report useful for anyone interested in exploring the inner workings of XCM.
A full audit report can be found here.
Keep up to date with the latest XCM developments
Following the full audit, XCMv2 is ready for production release, and XCMv3 is currently in the final stages of development. For information on using XCM, watch the workshop from Parity’s Shawn Tabrizi. For updates, follow the xcm-format repository on GitHub, and follow Polkadot on Twitter and sign up for the newsletter.
Interested in building on Polkadot or Kusama? Get in touch!
From the blog
The landscape of trustless bridges on Polkadot
With research and writing from Oliver Brett, Adrian Catangiu, and Aidan Musnitzky, this article explores the rich environment of bridge building, both within Polkadot and to external ecosystems. Any Web3 protocol with true aspirations of interoperability needs to consider the development and deployment of bridges to external networks, and in this sense Polkadot is no different. Blockchain bridges are, in essence, mechanisms for two sovereign chains with different technological foundations to o
Unleashing the Potential of AI with Polkadot: the Blockchain Powered Revolution
Blockchain technology has opened up a world of possibilities, and nowhere is this more evident than in the emerging field of artificial intelligence (AI). The Polkadot network is at the forefront of this revolution, serving as a powerful platform for innovative AI projects that are pushing the boundaries of what's possible. In this blog, we'll dive into some of the most exciting AI initiatives within the Polkadot ecosystem, exploring how these projects are leveraging Polkadot's advanced capabili
Polkadot Decoded 2024 Call for Speakers now open
The Polkadot Decoded 2024 Call for Speakers is now open for submissions. Do you have an idea for a talk, panel workshop, or pitch session for the Polkadot Decoded 2024 flagship event? Submit your talk today.