Noble Dollar v2 - IBC Support Update - Noble Assets

1. Introduction

Noble engaged Halborn to conduct a security assessment on their smart contracts beginning on April 21st, 2025 and ending on April 25th, 2025. The security assessment was scoped to some changes made to a Cosmos module provided to the Halborn team. Commit hashes and further details can be found in the Scope section of this report.

2. Assessment Summary

The team at Halborn was provided nine days for the engagement and assigned one full-time security engineer to assessment the security of the merge requests. The security engineers are blockchain and smart-contract security experts with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.

The purpose of this assessment is to:

• Ensure that the Golang components operate as intended.

• Identify potential security issues with the Cosmos application.

In summary, Halborn identified some issues and improvements to reduce the likelihood and impact of risks, which were mostly addressed by the Noble team. The main ones were the following:

• Implement IBC callback handlers and tracking system for pending transfers to recover tokens in case of transfer failures.

• Update dependencies with public known issues/vulnerabilities.

• Implement logic related to error handling.

• Improve ICS4Wrapper packet validations.

3. Caveats

The security assessment is strictly limited to the files directly affected by the diff between the main (83a5546) and v2 (ffef804) branches. Only changes introduced or modified in this comparison are considered; any pre-existing vulnerabilities or issues outside of these specific files fall outside the scope of this review. Additionally, the audit does not encompass dependencies, configuration files, or runtime environments. As such, findings and recommendations pertain solely to the code and files that have been added, removed, or changed in this particular branch comparison.