- Assurance
  Smart Contract Assessment
  Securing code integrity, protecting digital assets
  Smart Contract Assessment
  Securing code integrity, protecting digital assets
  Blockchain Layer 1 Assessment
  Assessing protocols, securing blockchain foundations
  Blockchain Layer 1 Assessment
  Assessing protocols, securing blockchain foundations
  Code Security Audit
  Uncovering flaws, strengthening software integrity
  Code Security Audit
  Uncovering flaws, strengthening software integrity
  Web Application Penetration Testing
  Exposing weaknesses, fortifying digital defenses
  Web Application Penetration Testing
  Exposing weaknesses, fortifying digital defenses
  Cloud Infrastructure Penetration Testing
  Securing configurations, protecting critical environments
  Cloud Infrastructure Penetration Testing
  Securing configurations, protecting critical environments
  Red Team Exercise
  Simulating real-world attacks, strengthening defenses
  Red Team Exercise
  Simulating real-world attacks, strengthening defenses
  AI Red Teaming
  Testing AI systems against real threats
  AI Red Teaming
  Testing AI systems against real threats
  AI Security Assessment
  Securing AI models, data, and pipelines
  AI Security Assessment
  Securing AI models, data, and pipelines
- Advisory
  AI Advisory
  Guiding secure, strategic AI adoption forward
  AI Advisory
  Guiding secure, strategic AI adoption forward
  Risk Assessment
  From unknown threats to actionable insights
  Risk Assessment
  From unknown threats to actionable insights
  Blockchain Architecture Assessment
  Optimizing architecture for tomorrow’s networks
  Blockchain Architecture Assessment
  Optimizing architecture for tomorrow’s networks
  Compliance Readiness
  Stay ready as regulations evolve
  Compliance Readiness
  Stay ready as regulations evolve
  Custody and Key Management Assessment
  Securing the heart of digital custody
  Custody and Key Management Assessment
  Securing the heart of digital custody
  Technical Due Diligence
  See the risks before you invest
  Technical Due Diligence
  See the risks before you invest
  Technical Training
  Empower your teams to secure what matters
  Technical Training
  Empower your teams to secure what matters

Noble Dollar v2 - IBC Support Update - Noble Assets

Prepared by:

HALBORN

Last Updated 04/30/2025

Date of Engagement: April 21st, 2025 - April 23rd, 2025

Summary

100% of all REPORTED Findings have been addressed

All findings

Critical

High

Medium

Low

Informational

1. Introduction
2. Assessment summary
3. Caveats
4. Scope
5. Findings overview

1. Introduction

Noble engaged Halborn to conduct a security assessment on their smart contracts beginning on April 21st, 2025 and ending on April 25th, 2025. The security assessment was scoped to some changes made to a Cosmos module provided to the Halborn team. Commit hashes and further details can be found in the Scope section of this report.

2. Assessment Summary

The team at Halborn was provided nine days for the engagement and assigned one full-time security engineer to assessment the security of the merge requests. The security engineers are blockchain and smart-contract security experts with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.

The purpose of this assessment is to:

Ensure that the Golang components operate as intended.
Identify potential security issues with the Cosmos application.

In summary, Halborn identified some issues and improvements to reduce the likelihood and impact of risks, which were mostly addressed by the Noble team. The main ones were the following:

Implement IBC callback handlers and tracking system for pending transfers to recover tokens in case of transfer failures.
Update dependencies with public known issues/vulnerabilities.
Implement logic related to error handling.
Improve ICS4Wrapper packet validations.

3. Caveats

The security assessment is strictly limited to the files directly affected by the diff between the main (83a5546) and v2 (ffef804) branches. Only changes introduced or modified in this comparison are considered; any pre-existing vulnerabilities or issues outside of these specific files fall outside the scope of this review. Additionally, the audit does not encompass dependencies, configuration files, or runtime environments. As such, findings and recommendations pertain solely to the code and files that have been added, removed, or changed in this particular branch comparison.

4. SCOPE

REPOSITORY

(a) Repository: dollar

(b) Assessed Commit ID: 83a5546

genesis.go
isc4_wrapper.go
keeper/keeper.go

↓ Expand ↓

Out-of-Scope: Third party dependencies and economic attacks.

Remediation Commit ID:

Out-of-Scope: New features/implementations after the remediation commit IDs.

5. Findings Overview

Security analysis	Risk level	Remediation
Unhandled IBC Transfer Failures	Critical	Solved - 04/29/2025
Use of vulnerable dependency	Low	Solved - 04/29/2025
Unhandled Error Leading to Silent Failures	Informational	Acknowledged - 04/29/2025
Potential Inadequate Packet Validation in ICS4Wrapper	Informational	Acknowledged - 04/29/2025

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.

1. Introduction
2. Assessment summary
3. Caveats
4. Scope
5. Findings overview

// Download the full report

Noble Dollar v2 - IBC Support Update

* Use Google Chrome for best results

** Check "Background Graphics" in the print settings if needed

← Back to Audits