Atomic Loans

Off-Chain (Private)

Audited on 2020/07/03

No active critical issues

Summary

Quantstamp has assessed the Atomic Loans smart contracts and Bitcoin scripts, and consider them to be well-architected and adherent to the provided specification. No critical security issues were detected during this audit, however we provide several suggestions for code improvements based on issues found during the audit. We recommend these issues be reviewed and resolved prior to the code being used in production. *Disclaimer:* This audit only assessed a subset of the code contained in the above repositories. Specifically, it is scoped to the following code: * In `atomicloans-eth-contracts`, the contracts `Funds.sol`, `Loans.sol`, and `Sales.sol`; * In `atomiclaons-oracle-contracts`, the contracts `Medianizer.sol`, `Oracle.sol`, `chainlink/*`, and `oracle/*`; * In `chainabstractionlayer-loans`, the Bitcoin scripts in `BitcoinCollateralProvider.js` and `BitcoinCollateralSwapProvider.js`. **Update:** The Atomic Loans team has addressed our concerns as of commit [8016c19](https://github.com/AtomicLoans/atomicloans-eth-contracts/commit/8016c198fd4993b4ee9b3dee40133b08578d8168) of `atomicloans-eth-contracts`, [3f963fe](https://github.com/AtomicLoans/chainabstractionlayer-loans/commit/3f963fe5d8968d7ac9c6fb4cb5f8afb24135df16) of `chainabstractionlayer-loans`, and [67d3df1](https://github.com/AtomicLoans/atomicloans-oracle-contracts/commit/67d3df1d70c323c10d10f3dd0e06eee280373224) of `atomicloans-oracle-contracts`. We commend the Atomic Loans team's pro-active and well-organized approach to addressing all findings (including best practices), which significantly streamlined the re-audit process. **Update 2:** The Atomic Loans team has added a `HotColdWallet` smart contract in commit [8016c19](https://github.com/AtomicLoans/atomicloans-eth-contracts/pull/161/commits/c4c28446d187a2c678325b8c839b7a2266bdb962). Only one informational issue was found. **Update 3:** The Atomic Loans team has addressed our comments as of commit [878917d](https://github.com/AtomicLoans/atomicloans-eth-contracts/commit/878917d67cbba4aeabb785c364abcbdfca871a0c).

Project

Issues (11)

	Low	Medium	High	Critical	Total
Not fixed	11	-	-	-	11
Fixed	-	-	-	-	0
Total	11	0	0	0	11

Contracts (81)

#	File Name
61	contracts/Compound/WhitePaperInterestRateModel.sol
62	contracts/Compound/PriceOracleProxy.sol
63	Kraken.sol
64	contracts/Compound/Oracles/_DSValue.sol
65	contracts/Compound/ComptrollerInterface.sol
66	contracts/Compound/InterestRateModel.sol
67	contracts/Compound/DAIInterestRateModel.sol
68	contracts/Compound/Exponential.sol
69	contracts/Compound/Oracles/_CarefulMath.sol
70	FundOracles.sol

...

#	File Name
61	contracts/Compound/WhitePaperInterestRateModel.sol
62	contracts/Compound/PriceOracleProxy.sol
63	Kraken.sol
64	contracts/Compound/Oracles/_DSValue.sol
65	contracts/Compound/ComptrollerInterface.sol
66	contracts/Compound/InterestRateModel.sol
67	contracts/Compound/DAIInterestRateModel.sol
68	contracts/Compound/Exponential.sol
69	contracts/Compound/Oracles/_CarefulMath.sol
70	FundOracles.sol

...

Atomic Loans

Summary

Issues (11)

Centralization of Powernot_fixed/low

Code does not adhere to the checks-effects-interactions patternnot_fixed/low

Downcasting and Upcasting may lead to unexpected resultsnot_fixed/low

Gas Usage / `for` Loop Concernsnot_fixed/low

Integer Overflow / Underflownot_fixed/low

Contracts (81)