Add Audit Report (#139)

This PR adds the audit report from Ackee. Sweet and simple.
safe-global · Nov 10, 2023 · 2790287 · 2790287
1 parent c0a5cbe
commit 2790287
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/4337/README.md b/4337/README.md
@@ -205,6 +205,10 @@ npx hardhat --network <network> etherscan-verify
 
 - [Safe developer portal](http://docs.safe.global)
 
+## Audits
+
+- [For version 0.1.0 by Ackee Blockchain](docs/v0.1.0/audit.md)
+
 ## Security and Liability
 
 All contracts are WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

diff --git a/4337/docs/v0.1.0/audit-report-v1.1.pdf b/4337/docs/v0.1.0/audit-report-v1.1.pdf
diff --git a/4337/docs/v0.1.0/audit.md b/4337/docs/v0.1.0/audit.md
@@ -0,0 +1,23 @@
+# Audit Results
+
+## Auditor
+
+Ackee Blockchain (<https://ackeeblockchain.com/>).
+
+## Notes
+
+The final audit was performed on commit [1981fbc63e3850d626074d81d22a198afe64ac03](https://github.com/safe-global/safe-modules/tree/1981fbc63e3850d626074d81d22a198afe64ac03).
+
+There are two acknowledged findings from the audit report:
+
+- _W2: Usage of `solc` optimizer_
+  > After careful consideration, we decided to enable the optimizer for the following reasons:
+  >
+  > - The most critical functionality, such as signature checks and replay protection, is handled by the Safe and Entrypoint contracts.
+  > - The entrypoint contract uses the optimizer.
+- _I4: Contract does not allow to specify `validAfter` and `validUntil` parameters_
+  > We are choosing not to support this feature at the moment but may implement it in a follow-up revision of the module.
+
+## Files
+
+- [Final audit report](audit-report-v1.1.pdf)