SwapzLiquidityPool - Smart Contract Audit Report
SummarySwapz Network is building a cross-chain liquidity pool supporting stable coin swaps.We audited the project team's SwapzLiquidityPool contract at commit 10bf3482272c8fbeeebdf9e62adfe4a6c8621f11 on the team's Github repository.
Notes on the Contract:
Audit Findings Summary
- The address of the stable token used by the platform is set on deployment.
- Initially, the platform only supports chain IDs 3 (Ethereum Ropsten Testnet) and 97 (Binance Smart Chain Testnet).
- Users can use this contract to submit a swap request in order to initiate the process of moving an amount of the stable token used by the platform from one chain to another; users must pay a fee in the origin chain's native currency in order to do so.
- The owner can then send the stable tokens specified in the swap request to the user on the desired chain. 0.04% of the amount is taken as a fee; 0.01% goes to the project team as a mesh fee, and 0.03% is contributed towards liquidity.
- In the event that there is not enough liquidity on the user's desired chain, the owner can send the stable tokens back to the user on the origin chain.
- Anyone can add liquidity to the pool on any chain at any time; an amount of shares proportional to the amount of liquidity being added and the amount of existing liquidity in the pool will be minted to the user.
- Users can exit their position in the liquidity pool at any time; their shares will be burned and a proportional amount of stable tokens will be returned to the user.
- In the event there is not enough stable coins for a user to exit their position on the chain they had joined on, the user can burn their shares on the origin chain and specify a chain from which to claim their stable tokens.
- The owner can set the fee for any chain ID to any value at any time.
- The owner can withdraw the stable tokens collected as the mesh fee at any time.
- Cross-chain swaps involve some off-chain logic run by the team. Please note we have not reviewed the off-chain logic related to the bridge.
- The contract complies with the ERC-20 standard.
- As the contract is implemented with Solidity v0.8.4, it is protected from overflows.
- No security threats from outside attackers were identified.
- Users must trust the team as they will operate off-chain logic to power the bridge used for cross-chain transfers.
- Date: September 13th, 2021
External Threat Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|
($) = payable function # = non-constant function + [Int] IERC20 - [Ext] totalSupply - [Ext] balanceOf - [Ext] transfer # - [Ext] allowance - [Ext] approve # - [Ext] transferFrom # + [Int] IERC20Metadata (IERC20) - [Ext] name - [Ext] symbol - [Ext] decimals + Context - [Int] _msgSender - [Int] _msgData + ERC20 (Context, IERC20, IERC20Metadata) - [Pub]
# - [Pub] name - [Pub] symbol - [Pub] decimals - [Pub] totalSupply - [Pub] balanceOf - [Pub] transfer # - [Pub] allowance - [Pub] approve # - [Pub] transferFrom # - [Pub] increaseAllowance # - [Pub] decreaseAllowance # - [Int] _transfer # - [Int] _mint # - [Int] _burn # - [Int] _approve # - [Int] _beforeTokenTransfer # - [Int] _afterTokenTransfer # + [Lib] SafeMath - [Int] tryAdd - [Int] trySub - [Int] tryMul - [Int] tryDiv - [Int] tryMod - [Int] add - [Int] sub - [Int] mul - [Int] div - [Int] mod - [Int] sub - [Int] div - [Int] mod + Ownable (Context) - [Pub] # - [Pub] owner - [Pub] renounceOwnership # - modifiers: onlyOwner - [Pub] transferOwnership # - modifiers: onlyOwner - [Prv] _setOwner # + SwapzLiquidityPool (ERC20, Ownable) - [Pub] chainChainFee # - modifiers: onlyOwner - [Pub] # - [Pub] decimals - [Ext] swapRequest ($) - [Pub] sendBackAll # - modifiers: onlyOwner - [Pub] sendAll # - modifiers: onlyOwner - [Pub] sendBack # - modifiers: onlyOwner - [Pub] send # - modifiers: onlyOwner - [Pub] withdrawMeshFee # - modifiers: onlyOwner - [Pub] join # - [Prv] burn # - [Pub] leaveForeign ($) - [Pub] leave #