Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Mina Token Bridge>Discussion>Lack of documentation
GeneralOverview
Findings
High (1)
DiscussionLack of documentationInsufficient Test Coverage
DesignComponent: Admin front endComponent: User front endComponent: Multichain bridge backend
Audit ResultsAssessment Results

Lack of documentation

Well-maintained documentation is invaluable for both auditors and new developers when getting familiar with a codebase. A lack of documentation makes it harder to read, understand, and extend the code, while outdated documentation can be just as problematic—creating confusion when it no longer reflects how the code actually works. We found that this project lacked adequate documentation, particularly regarding deployment and setup.

The repository did include flow diagrams, in the form of PUML files, which were helpful in understanding how a bridging transaction should work. However, the documentation for deploying and running the codebase appeared to be significantly outdated. The automated pm2 start script was missing critical steps required for the application to function properly, and these steps were also absent from the repository’s "Getting Started" section. While docker-compose.dev.yaml included some of the missing steps, it was never referenced in the documentation. As a result, troubleshooting the deployment took considerably more time than necessary—time that could have been saved with up-to-date documentation outlining all the necessary steps to get the application running.

Improving and maintaining clear, up-to-date documentation would greatly benefit both auditors and developers working with the codebase.

Zellic © 2025Back to top ↑