SwapzLiquidityPool - Smart Contract Audit Report
Summary
Swapz Network is building a cross-chain liquidity pool supporting stable coin swaps.We audited the project team's SwapzLiquidityPool contract at commit 10bf3482272c8fbeeebdf9e62adfe4a6c8621f11 on the team's Github repository.Notes on the Contract:Audit Findings Summary
- The address of the stable token used by the platform is set on deployment.
- Initially, the platform only supports chain IDs 3 (Ethereum Ropsten Testnet) and 97 (Binance Smart Chain Testnet).
- Users can use this contract to submit a swap request in order to initiate the process of moving an amount of the stable token used by the platform from one chain to another; users must pay a fee in the origin chain's native currency in order to do so.
- The owner can then send the stable tokens specified in the swap request to the user on the desired chain. 0.04% of the amount is taken as a fee; 0.01% goes to the project team as a mesh fee, and 0.03% is contributed towards liquidity.
- In the event that there is not enough liquidity on the user's desired chain, the owner can send the stable tokens back to the user on the origin chain.
- Anyone can add liquidity to the pool on any chain at any time; an amount of shares proportional to the amount of liquidity being added and the amount of existing liquidity in the pool will be minted to the user.
- Users can exit their position in the liquidity pool at any time; their shares will be burned and a proportional amount of stable tokens will be returned to the user.
- In the event there is not enough stable coins for a user to exit their position on the chain they had joined on, the user can burn their shares on the origin chain and specify a chain from which to claim their stable tokens.
- The owner can set the fee for any chain ID to any value at any time.
- The owner can withdraw the stable tokens collected as the mesh fee at any time.
- Cross-chain swaps involve some off-chain logic run by the team. Please note we have not reviewed the off-chain logic related to the bridge.
- The contract complies with the ERC-20 standard.
- As the contract is implemented with Solidity v0.8.4, it is protected from overflows.
- No security threats from outside attackers were identified.
- Users must trust the team as they will operate off-chain logic to power the bridge used for cross-chain transfers.
- Date: September 13th, 2021
External Threat Results
| Vulnerability Category | Notes | Result |
|---|---|---|
| Arbitrary Storage Write | N/A | PASS |
| Arbitrary Jump | N/A | PASS |
| Delegate Call to Untrusted Contract | N/A | PASS |
| Dependence on Predictable Variables | N/A | PASS |
| Deprecated Opcodes | N/A | PASS |
| Ether Thief | N/A | PASS |
| Exceptions | N/A | PASS |
| External Calls | N/A | PASS |
| Flash Loans | N/A | PASS |
| Integer Over/Underflow | N/A | PASS |
| Multiple Sends | N/A | PASS |
| Oracles | N/A | PASS |
| Suicide | N/A | PASS |
| State Change External Calls | N/A | PASS |
| Unchecked Retval | N/A | PASS |
| User Supplied Assertion | N/A | PASS |
| Critical Solidity Compiler | N/A | PASS |
| Overall Contract Safety | PASS |
($) = payable function
# = non-constant function
+ [Int] IERC20
- [Ext] totalSupply
- [Ext] balanceOf
- [Ext] transfer #
- [Ext] allowance
- [Ext] approve #
- [Ext] transferFrom #
+ [Int] IERC20Metadata (IERC20)
- [Ext] name
- [Ext] symbol
- [Ext] decimals
+ Context
- [Int] _msgSender
- [Int] _msgData
+ ERC20 (Context, IERC20, IERC20Metadata)
- [Pub] #
- [Pub] name
- [Pub] symbol
- [Pub] decimals
- [Pub] totalSupply
- [Pub] balanceOf
- [Pub] transfer #
- [Pub] allowance
- [Pub] approve #
- [Pub] transferFrom #
- [Pub] increaseAllowance #
- [Pub] decreaseAllowance #
- [Int] _transfer #
- [Int] _mint #
- [Int] _burn #
- [Int] _approve #
- [Int] _beforeTokenTransfer #
- [Int] _afterTokenTransfer #
+ [Lib] SafeMath
- [Int] tryAdd
- [Int] trySub
- [Int] tryMul
- [Int] tryDiv
- [Int] tryMod
- [Int] add
- [Int] sub
- [Int] mul
- [Int] div
- [Int] mod
- [Int] sub
- [Int] div
- [Int] mod
+ Ownable (Context)
- [Pub] #
- [Pub] owner
- [Pub] renounceOwnership #
- modifiers: onlyOwner
- [Pub] transferOwnership #
- modifiers: onlyOwner
- [Prv] _setOwner #
+ SwapzLiquidityPool (ERC20, Ownable)
- [Pub] chainChainFee #
- modifiers: onlyOwner
- [Pub] #
- [Pub] decimals
- [Ext] swapRequest ($)
- [Pub] sendBackAll #
- modifiers: onlyOwner
- [Pub] sendAll #
- modifiers: onlyOwner
- [Pub] sendBack #
- modifiers: onlyOwner
- [Pub] send #
- modifiers: onlyOwner
- [Pub] withdrawMeshFee #
- modifiers: onlyOwner
- [Pub] join #
- [Prv] burn #
- [Pub] leaveForeign ($)
- [Pub] leave #