DerivaDEX

Off-Chain (Private)
Audited on 2020/12/04
No active critical issues

Summary

Overall, the code and documentation in the DerivaDEX smart contracts are of very high quality. Nonetheless, during the audit we uncovered several issues, relating both to the use of the diamond standard and to code in the facets themselves. Importantly, since certain contracts such as `InsuranceFund.sol` rely upon the security of external token contracts, caution should be used when adding new tokens to the system. We suggest addressing all issues found before using the code in production.

**Update:** The report has been updated to include updates in commit [c4f974a](https://github.com/apalepu23/derivadex_v1/commit/c4f974a49ab593d1ae88948ab396dcc3c5f3eae2), including `InsuranceFund.sol`. New findings have been appended to each section (in particular, QSP-20 through QSP-29, along with extensions to QSP-2 and QSP-4). As of this commit, the test suite has not been run; updated scripts will be used to run tests in future revised reports.

**Update:** All issues have been resolved, mitigated, or acknowledged as of commit [0dbe8788](https://github.com/apalepu23/derivadex_v1/commit/0dbe8788ed3547baefac5b1ec871e574217f10aa).

**Update 2:** The report has been extended to include commit [7194839](https://github.com/apalepu23/derivadex_v1/commit/7194839), which primarily contains updates to the `InsuranceFund`. New findings were noted in QSP-26 and QSP-27, as well as appended to the Best Practices and Documentation sections.


Issues (27)

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 8 | 1 | 1 | - | 10 |
| Fixed | 11 | 4 | 2 | - | 17 |
| Total | 19 | 5 | 3 | 0 | 27 |


Contracts (47)