MANTRA Chain

We express our gratitude to the MANTRA Chain team for the collaborative engagement that enabled the execution of this Blockchain Protocol Security Assessment.

MANTRA Chain is a Layer 1 blockchain meticulously engineered to navigate the complex intersection of decentralized finance and regulatory compliance. It offers a permissionless environment for deploying applications that necessitate adherence to financial regulations. Built on the robust Cosmos SDK and leveraging the Inter-Blockchain Communication protocol (IBC), MANTRA Chain ensures fast and secure transactions both on-chain and cross-chain.

A standout feature is its native Decentralized ID (DID) system, which streamlines user onboarding and KYC/AML procedures using non-transferable Soulbound NFTs. This innovative approach enhances security and simplifies compliance for both users and developers. Furthermore, the chain's hybrid DEX combines the benefits of automated market making with an order book model, offering greater capital efficiency and enhanced trading experiences.

The system users should acknowledge all the risks summed up in the risks section of the report

Documentation quality

• User-facing documentation for use-cases and features is readily available and well-developed.

• x/liquidity, x/lpfarm, x/marketmakerand x/coinfactory benefit from detailed documentation inherited from Crescent Network and Osmosis.

• The x/did, x/token, and x/guard modules have adequate technical documentation for developers.

• Technical implementation details within the x/txfees module could be enhanced.

• Documenting KYC/whitelisting procedures would be beneficial.

• A comprehensive technical document outlining the purpose and interactions of each module within the system is necessary for a holistic overview.

Code quality

• The codebase adheres to established Go programming best practices, promoting maintainability and performance.

• x/liquidity, x/lpfarm, x/marketmaker and x/coinfactory inherit and maintain high code quality standards from established projects like Crescent Network and Osmosis.

• Several functions exhibit high Cyclomatic Complexity, Excessive Function Length, and Deeply Nested Conditional Structures, suggesting potential areas for refactoring and simplification.

• The x/token module contains redundant code.

Architecture quality

• Mantra Chain utilizes the Cosmos SDK, a mature and widely-adopted framework for building blockchains, contributing to a robust technical foundation.

• The project leverages modules from established projects, adapting them to Mantra's specific use case, potentially accelerating development and enhancing reliability.

• The implementation of DID and soul-bound NFTs for identity verification demonstrates a commitment to security and user control over their digital identity.

• The guard module's capability to assign multiple permission types to whitelisted addresses showcases flexibility in access control.

• The current architecture grants the chain administrator excessive control over the x/guard module, undermining decentralized governance principles.

Test coverage

• E2E test cases exist to validate positive and some negative scenarios, providing valuable insights into the interaction of different modules.

• Modules adopted from other projects have brought along their existing unit tests, offering a degree of pre-existing coverage.

• Unit test coverage is currently low and could be improved.

Mantrachain leverages the Cosmos SDK for its core architecture and incorporates various modules for specific functionalities. Some modules are inherited and adapted from existing projects, while others are developed in-house. The system supports decentralized identity management, user permission control, liquidity provision, and market-making activities.

• x/coinfactory: Enables permissionless token creation.

• x/did: Manages decentralized identifiers (DIDs) for identity verification.

• x/guard: Handles user privileges and access control.

• x/liquidity: Core module for creating and managing liquidity pools.

• x/lpfarm: Implements liquidity provider (LP) farming functionalities.

• x/marketmaker: Facilitates market maker registration and incentive distribution.

• x/token: Manages token-related operations.

• x/txfees: Configures fee tokens and handles gas fee collection.

The scope of the project includes the following components from the provided repository:

Components in Scope

Modules:

1. x/coinfactory

2. x/did

3. x/guard

4. x/liquidity

5. x/lpfarm

6. x/marketmaker

7. x/token

8. x/txfees