QuipuSwap is intended to provide an easy and efficient way to exchange tokens and XTZ on the Tezos blockchain in a wide variety of ways. The QuipuSwap Smart Contracts aim to allow users to add their tokens to exchange, invest liquidity, and potentially make a profit in a fully decentralized way. The current implementation supports both the FA1.2 and FA2 standards.
What areas were checked
Least Authority investigation focused on the following areas:
● The correctness of the implementation;
● Adversarial actions and other attacks on the contracts;
● Potential misuse and gaming of the smart contracts;
● Attacks that impacts funds, such as the draining or the manipulation of funds;
● Mismanagement of funds via transactions;
● Denial of Service (DoS) and security exploits that would impact the contracts intended use or disrupt the execution of the contract;
● Vulnerabilities in the smart contract's code;
● Protection against malicious attacks and other ways to exploit contracts;
● Inappropriate permissions and excess authority;
● Data privacy, data leaking, and information integrity;
● Anything else as identified during the initial analysis phase.
The Least Authority team noticed that QuipuSwap code is well-organized and compartmentalized in a clean and logical way. The code has good test coverage for the intended scenarios and common failure cases. Also, the Least Authority has found several minor issues that were successfully resolved by the MadFish team.
Our next steps
The external audit was an important part of the QuipuSwap release. We want to thank the Least Authority team for their work and their suggestions for QuipuSwap improvements.
Our next steps will include:
- Internal testing different usage cases of our exchange;
- Ensuring stability of the QuipuSwap;
- Release the first version of QuipuSwap to the Tezos mainnet.
Link to the full version of the audit: