As decentralized finance infrastructure evolves across Layer 1 and Layer 2 ecosystems, stablecoins serve as foundational primitives that must withstand adversarial use and rigorous correctness constraints. cNGN, a Rust-based Solana deployment of a wrapped Central Bank Digital Currency (CBDC), aims to bridge fiat stability with programmable token logic using Solana’s Anchor framework and off-chain Ed25519 signature flows.
FailSafe was commissioned to audit the cNGN contract suite, focusing on signature replay prevention, off-chain-to-on-chain execution enforcement, access control architecture, and supply-invariant preservation during minting and bridging.
This case study outlines the audit’s lifecycle, major vulnerabilities identified, and mitigation strategies implemented by the development team. It serves Solana-native teams building stablecoins or permissioned token systems that combine whitelisting, event-based compliance, and signature-forwarded transactions.
Project Details
- Project: WrappedCBDC Stablecoin – cNGN (Rust)
- URL: https://cngn.co/
- Source Code: GitHub – stablecoin-cngn
- Initial Commit: cd130adf18d64b60eeb696ee2eeee43a60740d78
- Final Commit: 89164a1cc958ac6ff1b59841de7dd65c621a876f
- Timeline: 8th May 2025 – 30th May 2025
Findings Summary
We identified 27 issues across all severity levels. Of these, 25 were fully resolved and 2 were acknowledged by the development team.
Top 5 Findings by Severity:
| ID | Title | Severity | Status |
|---|---|---|---|
| 01 | Insufficient Ed25519 Replay Protection | Critical | Resolved |
| 02 | Improper External to Internal Transfer Logic | Critical | Resolved |
| 03 | Inexistent Custom Control Enforcement in Forwarder | High | Resolved |
| 04 | Improper Instruction Index Introspection | High | Resolved |
| 05 | Insufficient Offset Bounds Checking | Medium | Resolved |
⚠️ Note: An additional 22 lower-severity findings are detailed in the full report.
1. Insufficient Ed25519 Replay Protection
Severity: Critical
Status: Resolved
Overview:
The forwarder’s verify_ed25519_instruction lacked nonce enforcement, allowing any previously valid signature to be replayed in future transactions. This flaw enabled unlimited unauthorized transfers from previously approved messages.
Comment:
Resolved via nonce-based replay protection and signature freshness checks using on-chain slot tracking and stored nonces within the CanForward PDA.
2. Improper External to Internal Transfer Logic
Severity: Critical
Status: Resolved
Overview:
The bridge mechanism silently burned tokens from externally whitelisted accounts without crediting the internal recipient, violating token supply invariants and enabling silent value destruction.
Comment:
Fixed by splitting the path into separate burn and credit mint steps, each emitting appropriate events and maintaining supply integrity.
3. Inexistent Custom Control Enforcement in Forwarder
Severity: High
Status: Resolved
Overview:
The forwarder bypassed token controls by directly issuing SPL-Token CPI transfers, ignoring pausability, blacklists, and mint flow protections.
Comment:
Mitigated by consolidating logic into the protocol’s internal handler, preserving business rule enforcement even for signature-driven flows.
4. Improper Instruction Index Introspection
Severity: High
Status: Resolved
Overview:
The signature verification logic failed to validate that the prior instruction was a genuine Ed25519 signature operation. Attackers could spoof the expected offsets using arbitrary program instructions.
Comment:
Remediation added strict instruction index validation and program ID checks to authenticate the Ed25519 context.
5. Insufficient Offset Bounds Checking
Severity: Medium
Status: Resolved
Overview:
The forwarder used unchecked offsets to parse instruction data. Maliciously large offset values could crash the program or be exploited for denial-of-service via panics.
Comment:
Bounds-checks were added across all parsed slices to prevent out-of-range panics or buffer overreads.
Conclusion
The cNGN audit revealed critical systemic gaps in the bridging and forwarding layers, particularly in areas combining off-chain message verification with token flow execution. Left unmitigated, these issues could have led to replay-based theft, balance desynchronization, and circumvention of intended business logic.
FailSafe’s audit enforced structured controls across the Solana Anchor-based system—ensuring proper nonce tracking, signature scoping, runtime checks, and event clarity. The cNGN team resolved the majority of issues swiftly, indicating a high level of responsiveness and readiness for secure deployment.
For technical integration support, or to initiate a similar audit, contact us for a quote!
Need a Rust Audit? Get a quote in 1 hour!
Related Articles
Achieving Unmatched Code Vulnerability Detection with SWARM
FailSafe’s code-agnostic agentic security testing platform, SWARM, achieves 69.2% vulnerability detection recall on the EVMbench smart contract security benchma...
FailSafe AI Secures Base's BTC Lending Protocol, Bitmor
FailSafe's agentic AI surfaced valuable security findings in Bitmor's Bitcoin lending protocol on Base ahead of launch, the kind of vulnerabilities traditional ...
How FailSafe's Agentic AI Secured Megapot v2 Ahead of Launch
FailSafe's SWARM completed a full assessment across Megapot v2 contracts, identifying four vulnerabilities including an LP pool cap bypass that could have expos...
Ready to secure your project?
Get in touch with our security experts for a comprehensive audit.
Contact Us