Lumen Loop
Article · coinspect.com · Juliano Rizzo · 1y ago

Soroban Source Code Audit - Tricorn Bridge

Coinspect has published the results of its security audit of the Tricorn Bridge's Soroban integration, conducted in collaboration with Boosty Labs and the Stellar Development Foundation. The audit identified 3 high-risk, 6 medium-risk, and 1 low-risk vulnerabilities in the smart contract's Rust source code and Golang backend. All findings have been addressed by the development teams, and the results add to Soroban security knowledge.

Security, Smart Contracts, Bridges
Lumen Loop's take

In partnership with the Stellar Development Foundation, Coinspect conducted comprehensive security reviews of Soroban-based projects, releasing the first detailed report on the Tricorn Bridge. Starting in April 2024, Coinspect and Boosty Labs audited the Tricorn Bridge's Stellar Soroban integration, focusing on the Rust smart contract source code and its Golang backend integration. The bridge enables token transfers between Soroban and Tricorn-supported chains, handling both managed and non-managed tokens. The audit uncovered 3 high-risk vulnerabilities (including arbitrary commission address modification and fund theft via Bridge Out), 6 medium-risk, and 1 low-risk issue, plus a storage exhaustion risk that could disable the bridge. All vulnerabilities were promptly fixed by the teams, contributing valuable insights to the Soroban security ecosystem.

Mentioned projects
Coinspect
Security, Auditing

Since 2014 protecting critical decentralized systems: L1 nodes, smart contracts audits, wallets, web3 dApps, exchanges, bridges.

Tricorn
Financial Protocols
SCF, Audited
Bridge, DeFi

Tricorn is a cross-chain bridge solution that supports both EVM and Non-EVM chains, ready to integrate with the Stellar blockcha…
