Smart contract audit

YAD underwent an in-depth smart contract audit by Scalable Solutions, a renowned entity in the blockchain security sector. With a decade-long tenure in the cybersecurity domain, Scalable Solutions has garnered acclaim in the development of non-custodial wallets, pioneering DeFi protocols, state-of-the-art trading venues, and now in the audit of intricate smart contracts.

To read the audit report in full, a PDF is available for download on Scalable Solutions' website.

Audit Background

The audit’s epicenter revolved around an exhaustive analysis of YAD’s router’s primary smart contracts. This exercise pinpointed several nominal issues, which were duly rectified. These encompassed informational gaps such as undocumented functions in the codebase and three low-priority advisories pertaining to contracts interacting with other aggregators. Additionally, post-swap token dispatch to the correct contracts was brought into the limelight.

The prime intention behind this meticulous audit was to unearth vulnerabilities within the aggregator’s foundational smart contracts and to suggest feasible mitigation strategies. It is imperative to underscore that the smart contracts under review were deemed devoid of exploitable loopholes, validating their robustness against potential adversarial actions.

A notable observation by Scalable Solutions pertained to the Uniswap function encapsulated within a proxy contract, positing a theoretical scenario where an antagonist could emulate the swap. However, in YAD’s architectural design, this proxy contract is not the custodian of the sender’s assets. Consequently, rectifying this would inadvertently inflate the contract's operational costs.

YAD's Commitment

YetAnotherDeFi (YAD) endeavors to revolutionize the DEX aggregator arena, leveraging a slew of mechanisms. It meticulously curates liquidity data from an array of sources, thereby proffering the most economical quotation. Moreover, it meticulously divides orders across multiple pools to minimize price fluctuations, while concurrently facilitating user-driven slippage thresholds. Complementing this, it rigorously examines market price variations to furnish users with the most streamlined trading pathway.

Audit Report Overview

The audit undertook an exhaustive evaluation of several project-specific smart contracts crafted to bolster the capabilities of the 0x protocol. These ancillary contracts introduce advanced interfaces, streamlining interactions with decentralized exchanges (DEX). The overarching goal was to assess these contracts in terms of security, reliability, and functional finesse.

Scope

The audit encapsulated a detailed assessment of an array of smart contracts:

• SailFlashWallet.sol: Facilitates instantaneous trades by permitting users to loan assets from liquidity providers sans upfront collateral.

• AnyRecipientFeature.sol: Augments token dispatch flexibility, allowing tokens to be sent to any designated recipient.

• SailAdapterFeature.sol: Acts as a bridge, ensuring smooth interactions between the 0x protocol and myriad exchange frameworks.

• SailUniswapV3Feature.sol: Enables harmonization with the Uniswap V3 protocol, enriching liquidity management and diversifying trading strategies.

• SailArbitrumMigration.sol & SailMigration.sol: Streamlines asset migration processes and manages the deployment & feature registration within the 0x protocol.

• SailRFQTransformer.sol: Aids in the RFQ order process, facilitates external contract calls, and offers backup routes during contingencies.

The audit remit encompassed an evaluation of these contracts' codebases, their adherence to industry best practices, and pinpointing potential risks integral to their deployment. This endeavor sought to accentuate the 0x protocol's capabilities, elevating the user's experience in the DEX milieu.