
@nachomazzara
Last active October 31, 2020 18:00
Defswap - Core - Security Review

Defswap Audit

DefswapFactory

Low vulnerability

  • An exchange can be created for the zero address (address 0).

  • Consider making the _token address an indexed parameter of the CreatedExchange event for traceability.
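Both low-severity points above can be addressed in the factory's creation path. The following is an added illustration written for this review, not the Defswap source: contract and event names, the `getExchange` mapping and the minimal exchange constructor are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative factory, not the Defswap code. It shows the two low-severity
// points from the review: rejecting address(0) as the token, and indexing the
// token address in the creation event. All names here are assumptions.
contract ExampleExchange {
    address public immutable token;

    constructor(address _token) {
        token = _token;
    }
}

contract ExampleFactory {
    // Indexed parameters become log topics, so off-chain consumers can filter
    // by token or by exchange. Non-indexed data fields cannot be filtered on.
    event CreatedExchange(address indexed token, address indexed exchange);

    mapping(address => address) public getExchange;

    function createExchange(address _token) external returns (address exchange) {
        // Without this check an "exchange" bound to address(0) would be deployed
        // and registered, and every call on it that touches the token would fail.
        require(_token != address(0), "factory: token is address(0)");
        require(getExchange[_token] == address(0), "factory: exchange exists");

        exchange = address(new ExampleExchange(_token));
        getExchange[_token] = exchange;

        emit CreatedExchange(_token, exchange);
    }
}
```

The duplicate-exchange check is not one of the review's findings; it is included only because a factory without it is easy to misuse and it costs one storage read.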

Notes

  • Missing @dev documentation.

DefswapExchange

High vulnerability

  • tokenToBaseExchangeTransferInput doesn't pull the sender's tokens, so the base token reserve is lowered while the token reserve stays the same. Moreover, the recipient receives the base bought with tokens the sender never gave up, so the sender keeps her tokens. This allows the base reserves of every exchange to be emptied using another token.
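The pattern behind this finding, and its fix, as an added illustration for this review rather than the Defswap source: a minimal constant-product exchange whose token-to-base function pays out base without ever pulling the sold tokens, next to the corrected version that performs the transferFrom. The 0.3% fee, the function and variable names, and the ERC20 interface are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Illustrative exchange, not the Defswap code. `token` trades against `base`;
// both are ERC20s held by this contract. Names and the fee are assumptions.
contract ExampleExchange {
    IERC20 public immutable token;
    IERC20 public immutable base;

    constructor(IERC20 _token, IERC20 _base) {
        token = _token;
        base = _base;
    }

    // Uniswap-style input price: constant product with an assumed 0.3% fee.
    function getInputPrice(uint256 inputAmount, uint256 inputReserve, uint256 outputReserve)
        public pure returns (uint256)
    {
        require(inputReserve > 0 && outputReserve > 0, "exchange: empty reserves");
        uint256 inputWithFee = inputAmount * 997;
        return (inputWithFee * outputReserve) / (inputReserve * 1000 + inputWithFee);
    }

    // BEFORE (the defect the review describes): the price is computed from the
    // current reserves and base is paid to `recipient`, but `tokensSold` is never
    // pulled from msg.sender. The base reserve shrinks, the token reserve does
    // not, and the caller still holds the tokens that were supposedly sold.
    function tokenToBaseTransferInput_before(uint256 tokensSold, uint256 minBase, address recipient)
        external returns (uint256 baseBought)
    {
        uint256 tokenReserve = token.balanceOf(address(this));
        uint256 baseReserve = base.balanceOf(address(this));
        baseBought = getInputPrice(tokensSold, tokenReserve, baseReserve);
        require(baseBought >= minBase, "exchange: slippage");
        require(base.transfer(recipient, baseBought), "exchange: base transfer failed");
        // missing: token.transferFrom(msg.sender, address(this), tokensSold)
    }

    // AFTER: pull the sold tokens from the sender before paying out the base.
    // The reserves are read before the pull so the price is quoted against the
    // pre-trade state, matching how the input-price formula is defined.
    function tokenToBaseTransferInput(uint256 tokensSold, uint256 minBase, address recipient)
        external returns (uint256 baseBought)
    {
        require(tokensSold > 0 && minBase > 0, "exchange: zero amounts");
        require(recipient != address(0) && recipient != address(this), "exchange: bad recipient");
        uint256 tokenReserve = token.balanceOf(address(this));
        uint256 baseReserve = base.balanceOf(address(this));
        baseBought = getInputPrice(tokensSold, tokenReserve, baseReserve);
        require(baseBought >= minBase, "exchange: slippage");
        require(token.transferFrom(msg.sender, address(this), tokensSold), "exchange: token pull failed");
        require(base.transfer(recipient, baseBought), "exchange: base transfer failed");
    }
}
```

A useful regression check for this class of bug is an invariant test that, after any swap, the product of the two reserves has not decreased; the defective function fails it on the first call because one reserve moves and the other does not.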

Medium vulnerability

  • The AddLiquidity event is emitted twice when p_totalSupply is 0.

  • Add a reentrancy guard to prevent micro-trading with ERC777 tokens by swapping base to token (normal) -> token to base (profit) -> token to base (normal) -> base to token (profit) -> base to token, and so on.

  • removeBaseLiquidity and removeTokenLiquidity burn the amount for only one side, either the base or the token. This freezes the other side, since it can no longer be removed with removeLiquidity. Consider adding a safeguard so users explicitly accept the use of these methods, for example a commit-and-reveal scheme, so that a front-end cannot mislead them by sending a pre-built transaction.
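The first two medium findings in this list, the double AddLiquidity emission and the missing reentrancy guard, are shown together in the following added fragment. It is illustrative code written for this review, not the Defswap source: the guard is a hand-rolled mutex equivalent to OpenZeppelin's ReentrancyGuard, the liquidity arithmetic follows the Uniswap v1 shape, and all names (including the dropped p_ prefix) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Illustrative exchange fragment, not the Defswap code. Shows (1) a reentrancy
// guard for the entry points: ERC777 tokens invoke sender/recipient hooks during
// transfers, and that callback is where a second swap would be started from;
// (2) an addLiquidity that emits its event exactly once on both branches.
contract ExampleExchange {
    IERC20 public immutable token;
    IERC20 public immutable base;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event AddLiquidity(address indexed provider, uint256 baseAmount, uint256 tokenAmount, uint256 liquidity);

    uint256 private constant NOT_ENTERED = 1;
    uint256 private constant ENTERED = 2;
    uint256 private status = NOT_ENTERED;

    // Mutex: a re-entering call hits the require while `status` is still ENTERED.
    // Apply it to every swap and liquidity entry point, not only the ones that
    // happen to call an ERC777 token today.
    modifier nonReentrant() {
        require(status == NOT_ENTERED, "exchange: reentrant call");
        status = ENTERED;
        _;
        status = NOT_ENTERED;
    }

    constructor(IERC20 _token, IERC20 _base) {
        token = _token;
        base = _base;
    }

    function addLiquidity(uint256 baseAmount, uint256 maxTokens, uint256 minLiquidity)
        external nonReentrant returns (uint256 liquidity)
    {
        require(baseAmount > 0 && maxTokens > 0, "exchange: zero amounts");
        uint256 tokenAmount;

        if (totalSupply == 0) {
            // First deposit sets the initial price; mint liquidity 1:1 with base.
            tokenAmount = maxTokens;
            liquidity = baseAmount;
        } else {
            uint256 baseReserve = base.balanceOf(address(this));
            uint256 tokenReserve = token.balanceOf(address(this));
            tokenAmount = (baseAmount * tokenReserve) / baseReserve + 1;
            liquidity = (baseAmount * totalSupply) / baseReserve;
            require(tokenAmount <= maxTokens, "exchange: too many tokens");
            require(liquidity >= minLiquidity, "exchange: too little liquidity");
        }

        // Effects before interactions: accounting is settled before any external
        // call that could run a token hook.
        balanceOf[msg.sender] += liquidity;
        totalSupply += liquidity;

        require(base.transferFrom(msg.sender, address(this), baseAmount), "exchange: base pull failed");
        require(token.transferFrom(msg.sender, address(this), tokenAmount), "exchange: token pull failed");

        // One emit after both branches, so the totalSupply == 0 path does not log twice.
        emit AddLiquidity(msg.sender, baseAmount, tokenAmount, liquidity);
    }
}
```

Keeping the emit outside the if/else is the whole fix for the double-event finding; the guard plus the checks-effects-interactions ordering is what stops the base -> token -> base chaining through ERC777 hooks, since the nested call reverts instead of trading against half-updated reserves.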

Notes

  • Missing @dev documentation.

  • Desfswap.io should probably be defswap.io.

  • The p_ prefix can be removed, and with it the explicit getters (public state variables generate them).

  • There is a TODO comment left in the code.

  • For event log ordering, consider moving the contract-related events to the end.

  • Typo:

    • Line 405: "defswap: _exchange can't be Uniswao" should read "defswap: _exchange can't be Uniswap".

Questions

  • Is Uniswap whitelisted? Why is a fee taken?
  • Why not require minReturn > 0?