Naira Stablecoin cNGN Rust Smart Contract Audit

As decentralized finance infrastructure evolves across Layer 1 and Layer 2 ecosystems, stablecoins serve as foundational primitives that must withstand adversarial use and rigorous correctness constraints. cNGN, a Rust-based Solana deployment of a wrapped Central Bank Digital Currency (CBDC), aims to bridge fiat stability with programmable token logic using Solana’s Anchor framework and off-chain Ed25519 signature flows.

FailSafe was commissioned to audit the cNGN contract suite, focusing on signature replay prevention, off-chain-to-on-chain execution enforcement, access control architecture, and supply-invariant preservation during minting and bridging.

This case study outlines the audit’s lifecycle, major vulnerabilities identified, and mitigation strategies implemented by the development team. It serves Solana-native teams building stablecoins or permissioned token systems that combine whitelisting, event-based compliance, and signature-forwarded transactions.

Project Details

  • Project: WrappedCBDC Stablecoin – cNGN (Rust)
  • URL: https://cngn.co/
  • Source Code: GitHub – stablecoin-cngn
  • Initial Commit: cd130adf18d64b60eeb696ee2eeee43a60740d78
  • Final Commit: 89164a1cc958ac6ff1b59841de7dd65c621a876f
  • Timeline: 8th May 2025 – 30th May 2025

Findings Summary

We identified 27 issues across all severity levels. Of these, 25 were fully resolved and 2 were acknowledged by the development team.

Top 5 Findings by Severity:

| ID | Title | Severity | Status |
|----|-------|----------|--------|
| 01 | Insufficient Ed25519 Replay Protection | Critical | Resolved |
| 02 | Improper External to Internal Transfer Logic | Critical | Resolved |
| 03 | Inexistent Custom Control Enforcement in Forwarder | High | Resolved |
| 04 | Improper Instruction Index Introspection | High | Resolved |
| 05 | Insufficient Offset Bounds Checking | Medium | Resolved |

⚠️ Note: An additional 22 lower-severity findings are detailed in the full report.

1. Insufficient Ed25519 Replay Protection

Severity: Critical

Status: Resolved

Overview:

The forwarder’s verify_ed25519_instruction lacked nonce enforcement, allowing any previously valid signature to be replayed in future transactions. This flaw enabled unlimited unauthorized transfers from previously approved messages.

Comment:

Resolved via nonce-based replay protection and signature freshness checks using on-chain slot tracking and stored nonces within the CanForward PDA.
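
The shape of such a check, as an added example that is not taken from the cNGN code base or the audit report: a std-only Rust model in which the nonce and issue slot are part of the signed bytes and are compared against stored state. `ForwarderState`, `accept`, `encode`, the message layout and `MAX_SLOT_AGE` are assumptions made for illustration, and the signature over `msg` is assumed to be verified already.

```rust
// Added example, not cNGN code. All names and the 150-slot window are assumptions.
const MAX_SLOT_AGE: u64 = 150; // assumed freshness window, in slots

#[derive(Debug, PartialEq)]
pub enum ReplayError { Malformed, StaleNonce, NotYetValid, Expired, NonceOverflow }

/// Stand-in for the per-signer account that stores the next expected nonce.
pub struct ForwarderState { pub next_nonce: u64 }

// Reads a little-endian u64 without panicking on short input.
fn u64_at(msg: &[u8], pos: usize) -> Result<u64, ReplayError> {
    let mut b = [0u8; 8];
    b.copy_from_slice(msg.get(pos..pos + 8).ok_or(ReplayError::Malformed)?);
    Ok(u64::from_le_bytes(b))
}

impl ForwarderState {
    /// `msg` is the byte string the signature covers: nonce || issued_slot || payload.
    /// Returns the payload once; the same bytes are rejected on every later call.
    pub fn accept<'a>(&mut self, msg: &'a [u8], current_slot: u64) -> Result<&'a [u8], ReplayError> {
        let (nonce, issued) = (u64_at(msg, 0)?, u64_at(msg, 8)?);
        if nonce != self.next_nonce { return Err(ReplayError::StaleNonce); }
        if issued > current_slot { return Err(ReplayError::NotYetValid); }
        if current_slot - issued > MAX_SLOT_AGE { return Err(ReplayError::Expired); }
        // State changes only after every check has passed.
        self.next_nonce = nonce.checked_add(1).ok_or(ReplayError::NonceOverflow)?;
        Ok(&msg[16..])
    }
}

// Builds a constructed sample message in the assumed layout.
pub fn encode(nonce: u64, issued_slot: u64, payload: &[u8]) -> Vec<u8> {
    let mut m = nonce.to_le_bytes().to_vec();
    m.extend_from_slice(&issued_slot.to_le_bytes());
    m.extend_from_slice(payload);
    m
}

fn main() {
    let mut state = ForwarderState { next_nonce: 0 };
    let msg = encode(0, 1_000, b"transfer:42");
    println!("first:  {:?}", state.accept(&msg, 1_010).map(|p| p.len()));
    println!("replay: {:?}", state.accept(&msg, 1_011).map(|p| p.len()));
}
```

Because the nonce and slot are decoded from the signed bytes rather than passed as separate arguments, a relayer cannot attach a fresh nonce to an old signature.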


2. Improper External to Internal Transfer Logic

Severity: Critical

Status: Resolved

Overview:

The bridge mechanism silently burned tokens from externally whitelisted accounts without crediting the internal recipient, violating token supply invariants and enabling silent value destruction.

Comment:

Fixed by splitting the path into separate burn and credit mint steps, each emitting appropriate events and maintaining supply integrity.


3. Inexistent Custom Control Enforcement in Forwarder

Severity: High

Status: Resolved

Overview:

The forwarder bypassed token controls by directly issuing SPL-Token CPI transfers, ignoring pausability, blacklists, and mint flow protections.

Comment:

Mitigated by consolidating logic into the protocol’s internal handler, preserving business rule enforcement even for signature-driven flows.


4. Improper Instruction Index Introspection

Severity: High

Status: Resolved

Overview:

The signature verification logic failed to validate that the prior instruction was a genuine Ed25519 signature operation. Attackers could spoof the expected offsets using arbitrary program instructions.

Comment:

Remediation added strict instruction index validation and program ID checks to authenticate the Ed25519 context.


5. Insufficient Offset Bounds Checking

Severity: Medium

Status: Resolved

Overview:

The forwarder used unchecked offsets to parse instruction data. Maliciously large offset values could crash the program or be exploited for denial-of-service via panics.

Comment:

Bounds-checks were added across all parsed slices to prevent out-of-range panics or buffer overreads.
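
The checks described in findings 4 and 5 can be shown together. The following is an added example, not code from the cNGN repository or the audit report: a std-only Rust model that accepts a preceding instruction only if it is addressed to the Ed25519 program, refers solely to its own data, and has every offset in range. `Ix`, `signed_message` and `sample_data` are hypothetical names, and the sample key and signature bytes are constructed placeholders.

```rust
// Added example, not cNGN code. `Ix`, `signed_message`, `sample_data` are hypothetical.
const ED25519_PROGRAM_ID: &str = "Ed25519SigVerify111111111111111111111111111";
const THIS_IX: u16 = u16::MAX; // offsets refer to this same instruction's data

pub struct Ix<'a> { pub program_id: &'a str, pub data: &'a [u8] }

#[derive(Debug, PartialEq)]
pub enum VerifyError { WrongProgram, BadCount, ForeignIndex, OutOfBounds }

// Checked slicing: a hostile offset yields an error instead of a panic.
fn slice(data: &[u8], off: usize, len: usize) -> Result<&[u8], VerifyError> {
    let end = off.checked_add(len).ok_or(VerifyError::OutOfBounds)?;
    data.get(off..end).ok_or(VerifyError::OutOfBounds)
}

/// Returns (public key, message) only for a well-formed single-signature instruction.
pub fn signed_message<'a>(ix: &Ix<'a>) -> Result<(&'a [u8], &'a [u8]), VerifyError> {
    if ix.program_id != ED25519_PROGRAM_ID { return Err(VerifyError::WrongProgram); }
    let d = ix.data;
    if d.first() != Some(&1) { return Err(VerifyError::BadCount); }
    // Seven little-endian u16 fields follow the count byte and a padding byte.
    let mut f = [0u16; 7];
    for (i, v) in f.iter_mut().enumerate() {
        let b = slice(d, 2 + 2 * i, 2)?;
        *v = u16::from_le_bytes([b[0], b[1]]);
    }
    let [sig_off, sig_ix, pk_off, pk_ix, msg_off, msg_len, msg_ix] = f;
    if [sig_ix, pk_ix, msg_ix] != [THIS_IX; 3] { return Err(VerifyError::ForeignIndex); }
    slice(d, sig_off as usize, 64)?; // the signature itself must be in range
    Ok((slice(d, pk_off as usize, 32)?, slice(d, msg_off as usize, msg_len as usize)?))
}

// Constructed sample laid out as: header, offsets, key, signature, message.
pub fn sample_data(msg: &[u8]) -> Vec<u8> {
    let mut d = vec![1u8, 0];
    for v in [48u16, THIS_IX, 16, THIS_IX, 112, msg.len() as u16, THIS_IX] {
        d.extend_from_slice(&v.to_le_bytes());
    }
    d.extend_from_slice(&[0xAA; 32]); // placeholder public key
    d.extend_from_slice(&[0xBB; 64]); // placeholder signature
    d.extend_from_slice(msg);
    d
}

fn main() {
    let data = sample_data(b"transfer:42");
    let ix = Ix { program_id: ED25519_PROGRAM_ID, data: &data };
    println!("{:?}", signed_message(&ix).map(|(_, m)| m.len()));
}
```

The caller must still compare the returned public key and message with the signer and payload it is about to act on; a valid signature over some other message proves nothing about the current request.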


Conclusion

The cNGN audit revealed critical systemic gaps in the bridging and forwarding layers, particularly in areas combining off-chain message verification with token flow execution. Left unmitigated, these issues could have led to replay-based theft, balance desynchronization, and circumvention of intended business logic.

FailSafe’s audit enforced structured controls across the Solana Anchor-based system—ensuring proper nonce tracking, signature scoping, runtime checks, and event clarity. The cNGN team resolved the majority of issues swiftly, indicating a high level of responsiveness and readiness for secure deployment.

Download the full Naira Stablecoin cNGN (Rust) – FailSafe Audit Report

For technical integration support, or to initiate a similar audit, contact us for a quote!
