Prepared by:
HALBORN
Last Updated 06/10/2025
Date of Engagement: April 21st, 2025 - May 2nd, 2025
Summary
100% of all REPORTED Findings have been addressed
All findings
16
Critical
1
High
1
Medium
7
Low
5
Informational
2
Table of Contents
1. Introduction
Quex engaged Halborn to conduct a security assessment of their smart contracts from April 21st, 2025, to May 2nd, 2025. The assessment scope was limited to the smart contracts provided to the Halborn team. Commit hashes and additional details are available in the Scope section of this report.
2. Assessment Summary
The Halborn team dedicated 10 days to this engagement, assigning one full-time security engineer to evaluate the smart contracts' security.
The assigned security engineer is an expert in blockchain and smart contract security, with advanced skills in penetration testing, smart contract exploitation, and extensive knowledge of multiple blockchain protocols.
The objectives of this assessment were to:
Verify that the smart contract functions operate as intended.
Identify potential security vulnerabilities within the smart contracts.
In summary, Halborn identified several improvements to reduce the likelihood and impact of potential risks, which were mostly addressed by the Quex team. The main ones were:
Enforce certificate chain validation to maintain integrity and prevent bypasses.Limit batch sizes to prevent unbounded loops and mitigate denial-of-service risks in PlatformCA revocation.Deprecate or isolate outdated hardware to avoid compromise of the oracle network.Disable debug modes in production environments to prevent memory extraction.Prevent duplicate PCK registrations in TrustDomainFacet.Invalidate stale Trust Domain (TD) quotes to mitigate replay attacks.Implement alerts and safeguards to catch silent fund lock failures.Ensure explicit cancellation mechanisms to avoid permanent fund locks.Patch TEE_TCB_SVN counter leaks to enable effective revocation.Harden signature verification against malleability risks.Restrict contract call flows to prevent arbitrary executions.Clear revoked PCKs to eliminate storage bloat.Add comprehensive validation to critical functions.Protect against data overwrite from hash collisions.Validate upgrade events to prevent misleading off-chain monitoring.Review admin logic to prevent unintended privilege escalation.
3. SCOPE
- contracts/diamond/DiamondWritable.sol
- contracts/diamond/DiamondWritableInternal.sol
- contracts/diamond/QuexDiamond.sol
4. Findings Overview
| Security analysis | Risk level | Remediation |
|---|---|---|
| Trust Domain Validation Bypasses Certificate Chain Integrity Checks | Critical | Solved - 05/14/2025 |
| Unbounded Loop Creates Permanent DoS Risk in Platform CA Revocation | High | Solved - 05/14/2025 |
| Outdated Hardware Can Compromise Entire Oracle Network | Medium | Solved - 05/28/2025 |
| Debug Mode Enables TD Memory Extraction | Medium | Solved - 05/28/2025 |
| Duplicate PCK Registration in TrustDomainFacet | Medium | Solved - 05/14/2025 |
| Replay Attacks Through Stale TD Quotes | Medium | Risk Accepted - 06/04/2025 |
| Silent Failures Could Lock User Funds Forever | Medium | Risk Accepted - 06/04/2025 |
| Permanent Fund Lock Without Request Cancellation | Medium | Solved - 05/16/2025 |
| TEE_TCB_SVN Reference Counter Leak Prevents Permanent Revocation | Medium | Solved - 06/04/2025 |
| Signature verification vulnerable to malleability | Low | Solved - 05/15/2025 |
| Arbitrary contract call vulnerability through unrestricted flow creation | Low | Risk Accepted - 06/04/2025 |
| Storage Bloat From Unremoved Revoked PCKs | Low | Solved - 05/14/2025 |
| Critical Functions Lack Comprehensive Validations | Low | Solved - 05/15/2025 |
| Data Overwrite Risk from Hash Collisions | Low | Risk Accepted - 06/04/2025 |
| False Upgrade Events Can Mislead Off-Chain Monitoring | Informational | Acknowledged - 06/04/2025 |
| QuexDiamond Can Get Unintended Admin Rights | Informational | Solved - 05/15/2025 |
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
Table of Contents
// Download the full report
Quex V1 Contracts
* Use Google Chrome for best results
** Check "Background Graphics" in the print settings if needed