This report presents the results of the Consensys Diligence engagement with iExec to review their PoCo (Proof of Contribution) protocol.
The review was conducted over the course of two weeks, from March 30, 2020 to April 10, 2020 by Gonçalo Sá and Shayan Eskandari. A total of 15 person-days were spent.
During the first week, Consensys focused their efforts on understanding the intention of the design (which is mostly provided through communication with the client and the resources in the README of the main repository under review, poco-dev), and on defining the key risk factors and potential vulnerabilities requiring further investigation. They also initiated an isolated code review of the iexec-solidity repository, still not considering interactions with the poco-dev codebase.
During the second week, they initiated the code review efforts for both repositories under review, focusing on interactions between the two repositories and a standalone review of the ERC1538 delegates present in the poco-dev repository.