Portify Router - Smart Contract Audit Report

Summary

crypto_audit Portify is building a new decentralized trading platform allowing users to interact with multiple decentralized exchanges from one contract.

For this audit, we reviewed the PortifyRouter contract provided to us at commit 4ad68c9c0f8541aec9e448e93fee6a440a38cf57 on the team's GitHub.

Notes on the Contract:
  • This contract allows users to interact with multiple decentralized exchanges.
  • Users are able to perform all standard swapping functionality with all exchanges added to the platform by providing the ID of the exchange they wish to use.
  • Users are not able to use the contract to provide liquidity.
  • The contract also supports the ability to add multiple "bridge tokens". As the name suggests, these are used as bridges when swapping between tokens allowing for a potentially better exchange rate for the swap.
  • When determining the best price, users provide the token pair they wish to swap. The contract will then test a variety of swapping paths across all the exchanges added to the platform. The user will receive the best path to perform the swap for each exchange.
  • Fees associated with swapping are dependent upon the exchange, and may vary between exchanges.
  • The team should exercise caution to not add too many bridge tokens to avoid hitting the block gas limit.
  • The owner is able to add and remove exchanges at any time.
  • The owner is able to add and remove bridge tokens at any time.
  • As the contract is using Solidity 0.8.X, it is protected from overflows/underflows.
Audit Findings Summary
  • No external threats were identified.
  • Ensure trust in the team as they have some control within the ecosystem.
  • Date: December 9th, 2021.

Audit Results

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Centralization of ControlThe team retains control of adding and removing exchanges and bridge tokens.PASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APASS
Unbounded LoopsAn unbounded loop exists when querying multiple exchanges for the best swap price.PASS
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

PortifyRouter Contract

smart_contract_audit_company

token_audit


 ($) = payable function
 # = non-constant function

 + [Int] IPancakeV2Factory 
    - [Ext] INIT_CODE_PAIR_HASH
    - [Ext] feeTo
    - [Ext] feeToSetter
    - [Ext] getPair
    - [Ext] allPairs
    - [Ext] allPairsLength
    - [Ext] createPair #
    - [Ext] setFeeTo #
    - [Ext] setFeeToSetter #

 + [Int] IPortifyRouter 
    - [Ext] WETH
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Int] IPancakeRouter01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)
    - [Ext] removeLiquidity #
    - [Ext] removeLiquidityETH #
    - [Ext] removeLiquidityWithPermit #
    - [Ext] removeLiquidityETHWithPermit #
    - [Ext] swapExactTokensForTokens #
    - [Ext] swapTokensForExactTokens #
    - [Ext] swapExactETHForTokens ($)
    - [Ext] swapTokensForExactETH #
    - [Ext] swapExactTokensForETH #
    - [Ext] swapETHForExactTokens ($)
    - [Ext] quote
    - [Ext] getAmountOut
    - [Ext] getAmountIn
    - [Ext] getAmountsOut
    - [Ext] getAmountsIn

 + [Int] IPancakeV2Router02 (IPancakeRouter01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] removeLiquidityETHWithPermitSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #

 + [Int] IPancakePair 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #
    - [Ext] DOMAIN_SEPARATOR
    - [Ext] PERMIT_TYPEHASH
    - [Ext] nonces
    - [Ext] permit #
    - [Ext] MINIMUM_LIQUIDITY
    - [Ext] factory
    - [Ext] token0
    - [Ext] token1
    - [Ext] getReserves
    - [Ext] price0CumulativeLast
    - [Ext] price1CumulativeLast
    - [Ext] kLast
    - [Ext] mint #
    - [Ext] burn #
    - [Ext] swap #
    - [Ext] skim #
    - [Ext] sync #
    - [Ext] initialize #

 + [Int] IERC20 
    - [Ext] name
    - [Ext] symbol
    - [Ext] decimals
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transfer #
    - [Ext] transferFrom #

 + [Int] IWETH 
    - [Ext] deposit ($)
    - [Ext] transfer #
    - [Ext] withdraw #

 +  Ownable 
    - [Pub] Constructor #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner
    - [Int] _transferOwnership #

 + [Lib] TransferHelper 
    - [Int] safeApprove #
    - [Int] safeTransfer #
    - [Int] safeTransferFrom #
    - [Int] safeTransferETH #

 +  PortifyRouter (IPortifyRouter, Ownable)
    - [Pub] Constructor #
    - [Ext] Fallback ($)
    - [Ext] addBridgeToken #
       - modifiers: onlyOwner
    - [Ext] removeBridgeToken #
       - modifiers: onlyOwner
    - [Pub] addNewDex #
       - modifiers: onlyOwner
    - [Ext] removeDex #
       - modifiers: onlyOwner
    - [Int] _swap #
    - [Ext] swapExactTokensForTokens #
       - modifiers: ensure
    - [Ext] swapTokensForExactTokens #
       - modifiers: ensure
    - [Ext] swapExactETHForTokens ($)
       - modifiers: ensure
    - [Ext] swapTokensForExactETH #
       - modifiers: ensure
    - [Ext] swapExactTokensForETH #
       - modifiers: ensure
    - [Ext] swapETHForExactTokens ($)
       - modifiers: ensure
    - [Int] _swapSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
       - modifiers: ensure
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)
       - modifiers: ensure
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
       - modifiers: ensure
    - [Int] _getSimplePath
    - [Int] _getBridgePath
    - [Int] _tryGetAmountsOut
    - [Pub] getBestDealForDex
    - [Pub] getBestDeals
    - [Pub] getAmountOut
    - [Pub] getAmountIn
    - [Pub] getAmountsOut
    - [Pub] getAmountsIn
    - [Int] sortTokens
    - [Int] pairFor