A single home for third‑party security audit reports across the Energy Web ecosystem, including:
- Energy Web X (EWX) — Substrate / Polkadot parachain runtime, pallets, and XCM integrations
- Verified Compute / Worker Node Network — worker solution pallet audits
- Bridging & tokenization — EWT token + bridge smart contracts
- Energy Web Chain (EWC) upgrades — system contracts and protocol upgrades (e.g., the Zurich upgrade)
Note: Audits are point‑in‑time assessments of specific commits/releases. Always review the audited commit hash(es) referenced below and in each report.
Energy Web is transitioning from Energy Web Chain (EWC) an enterprise, Proof‑of‑Authority network to Energy Web X (EWX), a Substrate‑based Polkadot parachain designed for permissionless Proof‑of‑Stake participation. As part of that evolution, Energy Web Token (EWT) is moving toward an ERC‑20 representation on Ethereum mainnet and bridge infrastructure connecting Ethereum and EWX (and supporting migration paths from EWC).
Verified Compute extends the ecosystem with a worker node network that supports solution registration, staking/subscription, and vote processing.
- EWC — Energy Web Chain
- EWX — Energy Web X
- EWT — Energy Web Token
- BYOT — “Bring Your Own Token”
- XCM — Polkadot cross‑chain messaging format
reports/
ewx/ # Energy Web X (parachain/runtime/pallets/XCM)
verified-compute/ # Worker Node Network / Verified Compute
ethereum/ # Ethereum smart contracts (EWT token / bridge)
ewc/ # Energy Web Chain (system contracts, protocol upgrades)
checksums/
SHA256SUMS.txt # integrity hashes for all PDFs
scripts/
update-checksums.sh
audits.json # machine-readable audit manifest
| Area | Report | Auditor | Date | Audited scope | |
|---|---|---|---|---|---|
| Parachain node | Energy Web Parachain | Hashlock | Aug 2025 | energy-web-parachain-node (Pulls 158 / 196 / 197) |
|
| Liquid staking pallet | Energy Web X Liquid Staking | Hashlock | Aug 2025 | energy-web-parachain-node (PR 202) |
|
| BYOT + Asset Hub (XCM) | EWX Integration with Asset Hub | Hashlock | Oct 2025 | Runtime/XCM config (xcm_config.rs + benchmarks) |
Commit references (from each report):
- Parachain node: audited commits
d4de4a2…,e9fd651…,f2bf681…; fix reviewb803cc3… - Liquid staking pallet: audited commit
5ee29af…; fix review34a9c84… - Asset Hub integration: audited commit
ea8065e…; fix review477ebd4…
| Area | Report | Auditor | Date | Audited scope | |
|---|---|---|---|---|---|
| Worker solution pallet | Worker Solution Pallet Security Assessment | Trail of Bits | Jun 2024 | ewx-worker-solution-pallet @ 241fbfe… |
|
| Worker pallet | Worker Pallet Security Assessment Report (v1.1) | ChainTroopers | May 2025 | ewx-worker-solution-pallet @ 6d0ffd0… (retest 9d57d8a…) |
| Area | Report | Auditor | Date | Audited scope | |
|---|---|---|---|---|---|
| EWT token + bridge contracts | EnergyBridge.sol & EnergyWebToken.sol | Hashlock | Jul 2025 | audited commit f8acf62…; fix review ab920c3… |
| Area | Report | Auditor | Date | Audited scope | |
|---|---|---|---|---|---|
| Zurich upgrade (BlockReward) | Block Reward system contracts (v1.1) | ChainTroopers | Jul 2025 | ewc-system-contracts PR 92 (retest on master) |
|
| T1 ↔ T2 bridge | Bridge of T1 and Substrate sidechain T2 (v1.1) | ChainTroopers | Apr 2024 | energy-bridge + avn-parachain (tag v5.1.1) |
|
| EWC baseline audit | Security Audit of the Energy Web Blockchain | ChainSecurity | Jun 2019 | EWC (baseline) |
This repository includes SHA‑256 checksums for every PDF.
Verify locally:
sha256sum -c checksums/SHA256SUMS.txtSee CONTRIBUTING.md.
- Audit PDFs: Third‑party works. Copyright remains with the respective auditors/authors. See NOTICE.
- Repository metadata/tooling (README, manifests, scripts): Licensed under Apache‑2.0.