SmartSwap ETHBNB Security Audit Report
The SmartSwap contract allows swapping ETH <> BNB and ERC20 <> BEP20 tokens by face value. It uses an Oracle to get the price of tokens at the moment of the swap.
2. In scope
In total, 4 issues were reported, including:
- 0 high severity issues.
- 0 medium severity issues.
- 0 low severity issues.
- 4 owner privileges.
No critical security issues were found.
3.1. Owner privileges
Severity: owner privileges
- Owner can change company fee.
- Owner can change factory contract to the new contract.
- Owner can change validator contract.
- Owner can change Oracle contract.
Since the correctness of token swapping relies completely on the Validator response, and the Validator contract relies on the Oracle response, the owner may change those contracts to make swapping unfair (or steal money).
The audited smart contract can be deployed. No direct security issues were found during the audit. However, users have to take note of the owner's rights and have to trust the SmartSwap owner and the Oracle that is used in the SmartSwap contract.