MCDEX

Off-Chain (Private)

Audited on 2021/05/10

No active critical issues

Summary

The protocol is a complicated system with several functionalities. On the whole, the system appears to do what it is intended to do, but Quantstamp has identified several issues which have since been resolved or acknowledged. The issues range from high-severity concerns to inconsistencies with documentation and specification. Tests back up the idea that the code is functions as intended, but the issues found suggest that additional testing would be helpful for future development and maintenance. Please note that the `governance`, `test`, and `reader` directories were not in scope for this audit and as such, have not been reviewed.

Project

MCDEX Arbitrum Integration

Issues (19)

	Low	Medium	High	Critical	Total
Not fixed	7	1	-	-	8
Fixed	8	2	1	-	11
Total	15	3	1	0	19

Contracts (74)

#	File Name
71	contracts/LibraryEvents.sol
72	contracts/libraries/Validator.sol
73	contracts/module/PerpetualModule.sol
74	contracts/interface/ILiquidityPool.sol

...

#	File Name
71	contracts/LibraryEvents.sol
72	contracts/libraries/Validator.sol
73	contracts/module/PerpetualModule.sol
74	contracts/interface/ILiquidityPool.sol

...

MCDEX

Summary

Issues (19)

No Backup Oracle Nor Protection From Erroneous Price Datanot_fixed/medium

`calculateCashToReturn` Does Not Exclude Perpetualsnot_fixed/low

Contract Stores Its Own Balance For Calculation Instead Of Utilising Real-Time Token Contract Valuenot_fixed/low

End User Can Pretend To Be A Broker Or Relayernot_fixed/low

Gas Usage / `for` Loop Concernsnot_fixed/low

Contracts (74)