Neodyme security audit overview

Neodyme AG conducted an extensive security audit for Neon EVM, encompassing the launch infrastructure, governance contracts, and multisig, as well as the main Neon EVM contract that operates an Ethereum Virtual Machine (EVM) on the Solana platform.

 

Neodyme previously audited Neon EVM at the end of 2021, and significant architectural changes and improvements have been made since then to address the identified challenges. The new audit commenced in February 2023, with the initial round of audits completed by March 2023. Follow-up audits were conducted in May 2023. The Neon EVM development team promptly addressed and resolved all the identified issues as of June 2023.

 

Developing the Neon EVM ecosystem presents several technical challenges because Solana and Ethereum have distinct programming, compute, and memory models. From an auditor's perspective, the key challenges include the differences in transaction size and compute requirements between Ethereum and Solana, the contrasting storage models, Ethereum's sequential execution of transactions compared to Solana's parallel execution, and the need for optimized EVM implementations on Solana.

 

During the security audit, Neodyme's team of experienced security engineers with expertise in Solana smart contract security conducted a comprehensive examination of the three contracts. The review and testing process focused on several aspects: ruling out common classes of Solana contract vulnerabilities; checking for unsafe design that may lead to future vulnerabilities; exploring potential vulnerabilities arising from the structure of the Solana blockchain; ensuring accurate implementation of project specifications; analyzing the code for low-level vulnerabilities specific to the contracts; mitigating denial-of-service and economic attacks; and identifying instructions susceptible to front-running or sandwiching attacks, as well as rug-pull mechanisms or hidden backdoors.

 

All findings and fixes are detailed in the full audit report, which is available on the Neon EVM team’s GitHub repository along with other previously conducted reports.

 

The Neon EVM team has taken swift action to address the identified issues.

 

Staff writers
Aug 23, 2023
