- Total Prize Pool: $37,500 in USDC
- HM awards: up to $33,600 in USDC
- If no valid Highs are found, the HM pool is $6,720 in USDC
- If no valid Highs or Mediums are found, the HM pool is $0
- QA awards: $1,400 in USDC
- Judge awards: $2,000 in USDC
- Scout awards: $500 in USDC
- HM awards: up to $33,600 in USDC
- Read our guidelines for more details
- Starts November 24, 2025 20:00 UTC
- Ends December 8, 2025 20:00 UTC
❗ Important notes for wardens
- Since this audit includes live/deployed code, all submissions will be treated as sensitive:
- Wardens are encouraged to submit High-risk submissions affecting live code promptly, to ensure timely disclosure of such vulnerabilities to the sponsor and guarantee payout in the case where a sponsor patches a live critical during the audit.
- Submissions will be hidden from all wardens (SR and non-SR alike) by default, to ensure that no sensitive issues are erroneously shared.
- If the submissions include findings affecting live code, there will be no post-judging QA phase. This ensures that awards can be distributed in a timely fashion, without compromising the security of the project. (Senior members of C4 staff will review the judges’ decisions per usual.)
- By default, submissions will not be made public until the report is published.
- Exception: if the sponsor indicates that no submissions affect live code, then we’ll make submissions visible to all authenticated wardens, and open PJQA to SR wardens per the usual C4 process.
- The "live criticals" exception therefore applies.
- Judging phase risk adjustments (upgrades/downgrades):
- High- or Medium-risk submissions downgraded by the judge to Low-risk (QA) will be ineligible for awards.
- Upgrading a Low-risk finding from a QA report to a Medium- or High-risk finding is not supported.
- As such, wardens are encouraged to select the appropriate risk level carefully during the submission phase.
V12 is Zellic's in-house AI auditing tool. It is the only autonomous Solidity auditor that reliably finds Highs and Criticals. All issues found by V12 will be judged as out of scope and ineligible for awards.
V12 findings can be viewed here.
Note for C4 wardens: Anything included in this Automated Findings / Publicly Known Issues section is considered a publicly known issue and is ineligible for awards.
EVM
- In
ArbHTLCandHTLCcontracts, user can redeem afterblock.number + timelockvalue expires. - Unused parameter
destinationDatainHTLCandArbHTLCcontracts. It is required for event logs for off-chain verification of destination swap information. - Centralization risk in
HTLCRegistrycontract. The ownership is present only to set implementation contract addresses for the UDAs and to set valid HTLC addresses. - No timelock validation provided: timelock can be set to an unreasonably large value, risking indefinite fund locks
- The
redeem()enforces a strict requirement that secrets must be exactly 32 bytes in length. In case a user initiates using a secret hash whose pre-image is of length n, such that n != 32, then the counterparty will not be able to redeem funds. The funds can then only be refunded.
Solana
- The PDA for the swap data is closed after the swap is complete, so creating a duplicate order will be possible
- User can redeem after
expiry_slothas been reached - Missing validation for zero values: No checks prevent swap_amount from being set to 0 or zero-address values from being passed
- No timelock validation provided: timelock can be set to an unreasonably large value, risking indefinite fund locks
- The
redeem()enforces a strict requirement that secrets must be exactly 32 bytes in length. In case a user initiates using a secret hash whose pre-image is of length n, such that n != 32, then the counterparty will not be able to redeem funds. The funds can then only be refunded.
Sui
- The chain ID is hardcoded in the
create_order_idfunction. To avoid same order ID generation in testnet and mainnet, we manually change it before deployment. - The
redeem()enforces a strict requirement that secrets must be exactly 32 bytes in length. In case a user initiates using a secret hash whose pre-image is of length n, such that n != 32, then the counterparty will not be able to redeem funds. The funds can then only be refunded.
Starknet
- User can redeem after the timelock expires, similar to EVM.
- No timelock validation provided: timelock can be set to an unreasonably large value, risking indefinite fund locks
- The
redeem()enforces a strict requirement that secrets must be exactly 32 bytes in length. In case a user initiates using a secret hash whose pre-image is of length n, such that n != 32, then the counterparty will not be able to redeem funds. The funds can then only be refunded.
Garden is the fastest Bitcoin bridge, enabling cross-chain Bitcoin swaps in as little as 30 seconds. It is built using an intents-based architecture with trustless settlements, ensuring zero custody risk for the users.
- Previous audits:
- 2025: LightChaser Report, Zellic Report
- 2024: Trail of Bits Report
- 2023: OtterSec Report
- Documentation: https://docs.garden.finance/
- Website: https://garden.finance/
- X/Twitter: https://x.com/gardenfi
Note: The nSLoC counts in the following table have been automatically generated and may differ depending on the definition of what a "significant" line of code represents. As such, they should be considered indicative rather than absolute representations of the lines involved in each contract.
For a machine-readable version, see scope.txt
Note: Any file not explicitly listed in the table above is considered out-of-scope, and the list below is indicative
| File |
|---|
| evm/certora/HTLCHarness.sol |
| evm/script/**.** |
| evm/test/**.** |
| sui/tests/test.move |
| Totals: 11 |
For a machine-readable version, see out_of_scope.txt
The main focus of wardens should be that there is no way to cause fund loss for any party involved in a swap.
Duplicate orders should not be possible in the system except for the Solana implementation, in which duplicate orders are only possible after the original one has been completed and closed.
Only the owner should be able to change the configuration of the HTLCRegistry.
- In Solana and Sui, ownership of contracts allows us to upgrade the contract to the same address
- In EVM,
HTLCRegistryhas ownership to set UDA implementation and valid HTLC addresses
Prerequisites
Install Anchor framework
Getting Started
- Clone the repository.
git clone https://github.com/code-423n4/2025-11-garden.git- Change into the Solana contracts directory (SPL or Native).
cd 2025-11-garden/solana/solana-spl-token- To build the program:
anchor build- To run the tests:
anchor testTo build the project:
git clone https://github.com/code-423n4/2025-11-garden.git
cd 2025-11-garden/evm
forge install foundry-rs/forge-std
forge install OpenZeppelin/[email protected]
forge install OpenZeppelin/[email protected]
forge buildAlternatively, the relevant dependencies can be pulled in as submodules.
To test:
forge testFor coverage:
forge coverageTo build the project:
git clone https://github.com/code-423n4/2025-11-garden.git
cd 2025-11-garden/sui
sui move buildTo test:
sui move testFor coverage:
sui move test --coverage
sui move coverage summaryPrerequisite: shardlabs/starknet-devnet-rs:0.3.0
To build:
git clone https://github.com/code-423n4/2025-11-garden.git
cd 2025-11-garden/starknet
yarn
scarb buildTo test:
starknet-devnet --seed 0 --port 5050
yarn testEmployees of Garden and employees' family members are ineligible to participate in this audit.
Code4rena's rules cannot be overridden by the contents of this README. In case of doubt, please check with C4 staff.