Weidex v2 #243
Auditing time 3 days
@MrCrambo assigned
Estimated auditing time: 3 days.
@RideSolo assigned
Estimated auditing time 3 days
@mobilipia assigned
Can't find the audit manager's email address
@mobilipia please, send your report to yuri@callisto.network
WeiDex v2 Security Audit Report

1. Summary

WeiDex v2 smart contract security audit report performed by Callisto Security Audit Department

2. In scope

3. Findings

In total, 7 issues were reported including:

No critical security issues were found.

3.1. Referral address requires checking for zero

Severity: low

Description

Referral addresses are set in The impact will be locking an amount of different tokens to address 0x0 without possibility of withdrawal, the amount can vary following the traded volume and the number of users without referral addresses.

Code snippet

https://github.com/RideSolo/weidex-eth-v2/blob/master/contracts/exchange/Exchange.sol#L242

Recommendation

Check

3.2. Exchange Upgrade

Severity: low

Description

Code snippet

3.3. Exchange Balance Transfer

Severity: low

Description

In

Code snippet

https://github.com/RideSolo/weidex-eth-v2/blob/master/contracts/exchange/ExchangeMovements.sol#L119

Recommendation

Add the following lines to the function:

3.4. Exchange Balance Transfer

Severity: low

Description

Code snippet

3.5. ERC-20 Issues

Severity: notes

Description

The following issues are part of mock files that are probably used for test only:

Code snippet

https://github.com/RideSolo/weidex-eth-v2/blob/master/contracts/mocks/OldERC20.sol

3.6. Experimental Features

Severity: notes

Description

As raised by the compiler "Experimental features are turned on. Do not use experimental features on live deployments" the audited code uses

Code snippet

https://github.com/RideSolo/weidex-eth-v2/blob/master/contracts/exchange/Exchange.sol#L2
https://github.com/RideSolo/weidex-eth-v2/blob/master/contracts/exchange/ExchangeBatchTrade.sol#L2
https://github.com/RideSolo/weidex-eth-v2/blob/master/contracts/exchange/ExchangeOffering.sol#L2

3.7. Owner privileges

Severity: owner privileges

Description

Owner can migrate exchange to new contract address. It may have issues if it was not audited.

4. Conclusion

The audited smart contract can be deployed. Only low severity issues were found during the audit.

5. Revealing audit reports

https://gist.github.com/yuriy77k/95510c49110e25766c1d75bd99e8d307
https://gist.github.com/yuriy77k/0523a14212bf02bdd9a6c7a047eaa002
https://gist.github.com/yuriy77k/e29ec5b85f2dd1380c39bbdcec1cee9f
Audit request
Decentralized exchange for crypto assets.
Improved version of the protocol + built-in incentive for the makers.
Source code
https://github.com/weichain/weidex-eth-v2
Disclosure policy
support@weidex.market
Platform
ETH
Number of lines:
904 * 0.5 = 452 (reaudit #84 )