IDEX
Summary
Quantstamp has performed an audit on the Solidity contracts in IDEX's exchange; the audited contracts comprise the on-chain components of the exchange. In total, 11 issues have been identified, as well as minor improvements in the code (pointed out as best practices). No high risk issue has been identified. Most issues tend to be informational; generally, those could be easily addressed with enhanced documentation. Privileged operations do exist in the audited contracts and are properly acknowledged in the given specs. Nonetheless, Quantstamp suggests a mitigation plan and clear information on how to address the hypothetical situation of an attacker gaining a privileged role. On the testing side of things, the given test suite has high coverage; nonetheless, some [few] functions lack unit tests. Specification is of good quality, and so is the code and overall inline comments. Still, some functions lack documentation or could be given more detailed documentation. Last, but not least, we suggest documenting all on-chain and off-chain component interactions to further aid independent assessment and overall auditing. After the initial report, IDEX has collaborated with Quantstamp in understanding the reported issues as well as fixing and/or acknowledging them. From the initial set of 11 issues, 7 have been resolved, whereas the remaining 4 have been acknowledged. The latter are all informational issues, and do not pose security risks.
Issues (11)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 4 | - | - | - | 4 |
Fixed | 7 | - | - | - | 7 |
| Total | 11 | 0 | 0 | 0 | 11 |