- Total Prize Pool: $100,000 in USDC
- HM awards: up to $81,600 in USDC
- If no valid Highs or Mediums are found, the HM pool is $0
- QA awards: $3,400 in USDC
- Judge awards: $2,500 in USDC
- Scout awards: $500 in USDC
- Mitigation Review: $12,000 in USDC
- Read our guidelines for more details
- Starts November 18, 2025 20:00 UTC
- Ends December 9, 2025 20:00 UTC
- Judging phase risk adjustments (upgrades/downgrades):
- High- or Medium-risk submissions downgraded by the judge to Low-risk (QA) will be ineligible for awards.
- Upgrading a Low-risk finding from a QA report to a Medium- or High-risk finding is not supported.
- As such, wardens are encouraged to select the appropriate risk level carefully during the submission phase.
Anything included in this section is considered a publicly known issue and is therefore ineligible for awards.
Denial-of-Service attacks for HTTP endpoints are not considered in scope as HM issues, and should be submitted as part of a QA report.
This repository contains the Swafe library, which can be used as an SDK for building Swafe-based clients, as well as for creating Swafe-based Partisia contracts.
The protocol implementation is based on the Swafe Book specification.
- /lib: Core Rust library implementation with cryptographic primitives
- /contracts: Smart contract code for Partisia blockchain deployment
- /cli: Command-line interface for testing wallet operations and recovery
- /api: REST API implementation for wallet services
- Previous audits: No previous audit reports.
- Documentation: https://github.com/swafe-io/swafe-book
- Website: https://swafe.io/
- X/Twitter: https://x.com/swafe_io
- Code walk-through: https://youtu.be/FO2jbib8C7o
For a machine-readable version, see scope.txt
Any file that is not explicitly listed in the aforementioned list is considered out-of-scope for the purposes of this audit contest.
| File |
|---|
| cli/**.** |
| Totals: 8 |
For a machine-readable version, see out_of_scope.txt
- Unauthorized Backup Reconstruction
- Unauthorized Account Recovery - Without email verification and (optionally) guardian approval
- Backup Ciphertext Security - Stealing or lack of binding for backup ciphertexts to accounts
- Integrity Attacks - Mauling of stored secrets/backups
- Privacy Violations - Anonymity violations from on-chain content or off-chain node interaction, including leakage of user identity (e.g., email addresses)
- Only the owner of an account should be able to request the reconstruction of a backup.
- Only the owner of an email should be able to request the recovery of an account.
- Recovery of an account only occurs when more than the specified threshold of Guardians has approved the request.
- Recovery of a backup only occurs when more than the specified threshold of Guardians has approved the request.
- After recovering an account, the owner should be able to request and complete recovery of backups as long as there are sufficient Guardians online and off-chain nodes available for relaying shares.
- An email should be associated with at most one account at a time.
- An account may have multiple emails associated for recovery.
- A user should be able to recover his account with only access to his email (and an out-of-band channel for communicating with Guardians).
- Keeping user emails confidential.
- Providing "email certificates" only after users prove email possession.
- Generating shares for the VPRF used to hide email ↔ account association during a one-time setup ceremony.
Must not be able to unilaterally cause Guardians to reconstruct or recover an account without explicit permission provided by each guardian.
- If a user specifies a reconstruction threshold of t out of n nodes, we assume at least t of the selected guardians for that backup are honest for liveness and n-t for secrecy.
- Any number of corrupted guardians may exist in the system.
- Honest users manually select guardians they trust (friends, family, trusted institutions).
- The user-selected threshold t implies that at least t guardians are willing to reconstruct.
- The user-selected threshold t implies that at most t-1 guardians are corrupted/malicious.
If both of the following conditions hold:
- Swafe-io is honest
- Off-chain nodes are honest
Then backups/accounts remain unrecoverable even if all Guardians are corrupted.
Off-chain nodes are full nodes capable of running off-chain computation and holding secret state. Security guarantees vary based on the corruption model:
- User emails remain hidden even at registration/recovery time.
- Snapshot of corrupted off-chain node states hides user emails and account associations.
- Leaking an off-chain node's state does not reveal user emails or their association to on-chain contracts.
- Secrets without specified guardians remain decryptable without a valid "email certificate" from Swafe.
- The system remains available even if a minority subset of off-chain nodes are offline or unresponsive.
- Secrets specifying guardians remain undecryptable
The Swafe codebase represents a library meant to assist in the programming of Partisia blockchain contracts. Beyond the Rust runtime and Just dependency required for compiling the system, the project also relies on the Java runtime and Apache Maven toolkit to execute tests.
The codebase was successfully compiled with the following dependencies on an Ubuntu 24.04.3 LTS system:
- Java (javac): 17.0.16
- Apache Maven: 3.8.7
- Rust (rustc): 1.91.1
- Just: 1.43.1
- Partisia (cargo-pbc): 5.411.0
To note, the Java, Rust, and Partisia dependencies pertain to the Partisia contract system and are not related to the code of the project itself.
The codebase requires JDK version 17 or later to run tests. On Unix-like systems, install Java through your package manager, e.g.:
sudo apt install openjdk-17-jdk
Once Java is installed and available, the Apache Maven package can either be downloaded or installed through your package manager, e.g.:
sudo apt install maven
Rust can be installed via the installer script available on the official Rust page, e.g.:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
The stable release is sufficient for compiling the project. After Rust has been properly installed, the just script execution tool must be installed via the relevant steps for your OS, e.g.:
apt install just
This section covers the installation of the Partisia Contract Builder, which can also be found at this link.
For the system to compile, the pbc command must be available through the cargo Rust toolkit. To achieve this, the cargo-partisia-contract package must be installed. It depends on OpenSSL as well as the pkg-config packages:
sudo apt install pkg-config
Afterward, the package can be installed via the following command:
cargo install cargo-partisia-contract
To run tests, the just tool's test script must be executed:
just test
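A preflight check for the toolchain installed in the steps above, as an added example that is not part of the Swafe repository. The function names are hypothetical, and treating the versions this README lists as minimums is an assumption (only the JDK 17 floor is stated as a requirement).

```shell
#!/bin/sh
# Added example, not part of the Swafe repository. Versions are the ones the
# README lists as known-good; using them as minimums is an assumption.

# Print the first version-like token (e.g. 17.0.16) found in the string $1.
first_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)*' | head -n 1
}

# Succeed if version $1 >= version $2, comparing numerically field by field
# (so 1.10.0 > 1.9.0, and a missing field counts as 0).
version_ge() {
  va=$1 vb=$2
  while [ -n "$va" ] || [ -n "$vb" ]; do
    x=${va%%.*} y=${vb%%.*}
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
    case $va in *.*) va=${va#*.} ;; *) va= ;; esac
    case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
  done
  return 0
}

# check NAME MIN CMD [ARGS]: report whether CMD exists and is at least MIN.
check() {
  name=$1 min=$2; shift 2
  if ! command -v "$1" >/dev/null 2>&1; then
    echo "MISSING  $name (want >= $min)"; return 1
  fi
  found=$(first_version "$("$@" 2>/dev/null)")
  if version_ge "$found" "$min"; then
    echo "OK       $name $found"
  else
    echo "BELOW    $name ${found:-unknown} (want >= $min)"; return 1
  fi
}

preflight() {
  rc=0
  check "JDK (javac)" 17 javac -version || rc=1   # README: JDK 17 and upward
  check "Apache Maven" 3.8.7 mvn -v || rc=1
  check "Rust (rustc)" 1.91.1 rustc --version || rc=1
  check "just" 1.43.1 just --version || rc=1
  # Installed by `cargo install cargo-partisia-contract`; presence check only.
  if cargo --list 2>/dev/null | grep -qw pbc; then echo "OK       cargo pbc available"
  else echo "MISSING  cargo pbc"; rc=1; fi
  return $rc
}

preflight || echo "Resolve the items above before running: just test"
```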
Employees of Swafe and employees' family members are ineligible to participate in this audit.
Code4rena's rules cannot be overridden by the contents of this README. In case of doubt, please check with C4 staff.