DPex - Smart Contract Audit Report


DPEX Audit Report DPex by the Passive Income team is a decentralized exchange, allowing users to swap tokens. We previously reviewed the team's token contract here.

We audited DPex's contracts at commit 028318900fe110abdd176f32f0c1ab2f8edbb3a9 on GitHub; and at the Kovan addresses below.

Audit Findings:

  • DPex is a fork of Uniswap with a few key notable changes.

  • The liquidity provider fee is 0.3%, matching Uniswap's.
  • There is an additional 0.1% fee on transactions involving WETH and PSI. The fee amount can be updated via Governance; though it cannot exceed 20%.
  • Half of this additional fee (0.05%) will be used to fund rewards to be distributed to holders of PSI token.
  • Fees are collected by the Fee Aggregator, which has the ability to swap WETH to PSI for PSI-holder rewards; and also provides rewards to liquidity providers.

  • The contract utilizes Chi gas token to drastically reduce the gas costs of adding/removing liqudity and swapping tokens.
  • The team must provide the Chi gas tokens to be used by the contract.

  • Governance operates using levels. Governance participants can grant any address any level below the caller's current level.
  • The deployer of the contract is granted the Mastermind role (level 100); leading to somewhat centralized control of the platform.
  • Access control via Governance includes the following roles: Mastermind (100+), Governer (50+), and Partner (10+).
  • Having the Mastermind role also grants access to functions restricted to the lower-level roles.
  • Anyone with the "mastermind" access level can update the Governance address in the FeeAggregator and Router at any time.
  • Anyone with the Governer level or above can edit critical variables in the ecosystem (Router address, gas token address, FeeAggregator address, and more.
  • The Partner access role is not used in the current implementation of the contracts.

  • All contracts except the Router are behind Admin Upgradability Proxies; meaning the contracts can be upgraded at any time via Governance.
  • Usage of ReentrancyGuard in applicable locations.
  • Utilization of SafeMath to prevent overflows.
  • Use of TransferHelper and SafeERC20 to ensure safe transfers.

  • Audit Findings Summary:
  • No security issues from outside attackers were identified.
  • Ensure trust in the team as governance is somewhat centralized and critical variables & contracts can be upgraded at any time.
  • The developer has performed KYC with our firm.
  • Date: February 2nd, 2021



(Hover Zoom Reccomended)


0x0EAb86c2532C200078358065c461e6C88C03013d (Kovan)

Function Graph.   Inheritance Chart.



Function Graph.   Inheritance Chart.



Function Graph.   Inheritance Chart.


N/A (Deployed for each token pair)

Function Graph.   Inheritance Chart.



Function Graph.   Inheritance Chart.

External Threats - Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
State Change External CallsN/APASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS