Quex V1 Contracts - Quex

Prepared by:

HALBORN

Last Updated 06/10/2025

Date of Engagement: April 21st, 2025 - May 2nd, 2025

Summary

100% of all REPORTED Findings have been addressed

All findings

Critical

High

Medium

Low

Informational

1. Introduction
2. Assessment summary
3. Scope
4. Findings overview

1. Introduction

Quex engaged Halborn to conduct a security assessment of their smart contracts from April 21st, 2025, to May 2nd, 2025. The assessment scope was limited to the smart contracts provided to the Halborn team. Commit hashes and additional details are available in the Scope section of this report.

2. Assessment Summary

The Halborn team dedicated 10 days to this engagement, assigning one full-time security engineer to evaluate the smart contracts' security.

The assigned security engineer is an expert in blockchain and smart contract security, with advanced skills in penetration testing, smart contract exploitation, and extensive knowledge of multiple blockchain protocols.

The objectives of this assessment were to:

Verify that the smart contract functions operate as intended.
Identify potential security vulnerabilities within the smart contracts.

In summary, Halborn identified several improvements to reduce the likelihood and impact of potential risks, which were mostly addressed by the Quex team. The main ones were:

Enforce certificate chain validation to maintain integrity and prevent bypasses.
Limit batch sizes to prevent unbounded loops and mitigate denial-of-service risks in PlatformCA revocation.
Deprecate or isolate outdated hardware to avoid compromise of the oracle network.
Disable debug modes in production environments to prevent memory extraction.
Prevent duplicate PCK registrations in TrustDomainFacet.
Invalidate stale Trust Domain (TD) quotes to mitigate replay attacks.
Implement alerts and safeguards to catch silent fund lock failures.
Ensure explicit cancellation mechanisms to avoid permanent fund locks.
Patch TEE_TCB_SVN counter leaks to enable effective revocation.
Harden signature verification against malleability risks.
Restrict contract call flows to prevent arbitrary executions.
Clear revoked PCKs to eliminate storage bloat.
Add comprehensive validation to critical functions.
Protect against data overwrite from hash collisions.
Validate upgrade events to prevent misleading off-chain monitoring.
Review admin logic to prevent unintended privilege escalation.

3. SCOPE

REPOSITORY

(a) Repository: quex-v1-contracts

(b) Assessed Commit ID: dbc2f15

contracts/diamond/DiamondWritable.sol
contracts/diamond/DiamondWritableInternal.sol
contracts/diamond/QuexDiamond.sol

↓ Expand ↓

Out-of-Scope: contracts/facets/p256_verifier/P256VerifierFacet.sol, third party dependencies and economic attacks.

Remediation Commit ID:

Out-of-Scope: New features/implementations after the remediation commit IDs.

4. Findings Overview

Security analysis	Risk level	Remediation
Trust Domain Validation Bypasses Certificate Chain Integrity Checks	Critical	Solved - 05/14/2025
Unbounded Loop Creates Permanent DoS Risk in Platform CA Revocation	High	Solved - 05/14/2025
Outdated Hardware Can Compromise Entire Oracle Network	Medium	Solved - 05/28/2025
Debug Mode Enables TD Memory Extraction	Medium	Solved - 05/28/2025
Duplicate PCK Registration in TrustDomainFacet	Medium	Solved - 05/14/2025
Replay Attacks Through Stale TD Quotes	Medium	Risk Accepted - 06/04/2025
Silent Failures Could Lock User Funds Forever	Medium	Risk Accepted - 06/04/2025
Permanent Fund Lock Without Request Cancellation	Medium	Solved - 05/16/2025
TEE_TCB_SVN Reference Counter Leak Prevents Permanent Revocation	Medium	Solved - 06/04/2025
Signature verification vulnerable to malleability	Low	Solved - 05/15/2025
Arbitrary contract call vulnerability through unrestricted flow creation	Low	Risk Accepted - 06/04/2025
Storage Bloat From Unremoved Revoked PCKs	Low	Solved - 05/14/2025
Critical Functions Lack Comprehensive Validations	Low	Solved - 05/15/2025
Data Overwrite Risk from Hash Collisions	Low	Risk Accepted - 06/04/2025
False Upgrade Events Can Mislead Off-Chain Monitoring	Informational	Acknowledged - 06/04/2025
QuexDiamond Can Get Unintended Admin Rights	Informational	Solved - 05/15/2025

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.