Security was the main focus in the design and implementation of the DutchX.
The mechanism is designed to solve the problems that other exchanges (both centralized and decentralized) face, aiming to remove parties that take advantage of and profit from users.
The result is a fair exchange of tokens where all users play under the same rules.
The smart contract code was subjected to the following:
- The code is open source and public for anyone to review.
- During construction, it was subjected to constant internal audits, peer reviews, and unit testing.
External audit: a thorough external audit by Solidified (https://solidified.io/).
- Three auditors reviewed the code in parallel, each in an isolated review. They then compared their findings and came to a group consensus. The final report is complete, and over a number of iterations all the risks were mitigated.
- Check out the Solidified Audit Report.
- Check the post "Securing Gnosis’ Dutch exchange smart contracts — a case study" to learn how this was done.
- On top of the audits, a bug bounty program was created. It offers generous prizes for finding security risks or any other bug.
- The bug bounty is still ongoing today, and no bugs have been discovered.
- Check the details in Gnosis DutchX and Initial OWL Generation Bug Bounty for more information.
The DutchX is a non-custodial trading protocol. Your funds are held only in the audited smart contracts; no company or organization holds them.
Keep in mind that, as a user of a decentralized application, you are the only one who has access to your private key, so it's important that you keep your keys safe.