In February 2021, Incognito engaged Coinspect to perform a source code review of the smart contracts that comprise the Incognito-Ethereum bridge. The goal of the audit was to evaluate the security of the smart contracts.
The main contracts are:
IncognitoProxy: stores beacon and bridge committee members of the Incognito Chain, and other contracts can query this contract to check if an instruction is confirmed on the Incognito Chain.
Vault: responsible for deposits and withdrawals; it holds assets (Ether or ERC20 tokens) and emits events that the Incognito Chain interprets as minting instructions; and when presented with a burn proof created over at the Incognito Chain, it releases the assets back to the user.
We believe the audit will make Incognito users (so does the core team) feel more confident, at least in aspects of security.
The official and detailed report can be found at https://www.coinspect.com/incognito-audit/