This is the report from a security audit performed on SmartSwap by MrCrambo.
The audit focused primarily on the security of SmartSwap smart contracts.
- https://github.com/ezo-network/SmartSwap/blob/f2b3d82c8ed0d61cfd99621fea8cca6a798c9ead/BNBETH/TransferHelper.sol
- https://github.com/ezo-network/SmartSwap/blob/f2b3d82c8ed0d61cfd99621fea8cca6a798c9ead/BNBETH/Ownable.sol
- https://github.com/ezo-network/SmartSwap/blob/f2b3d82c8ed0d61cfd99621fea8cca6a798c9ead/BNBETH/SafeMath.sol
- https://github.com/ezo-network/SmartSwap/blob/f2b3d82c8ed0d61cfd99621fea8cca6a798c9ead/BNBETH/Validator.sol
- https://github.com/ezo-network/SmartSwap/blob/f2b3d82c8ed0d61cfd99621fea8cca6a798c9ead/BNBETH/SwapFactory.sol
- https://github.com/ezo-network/SmartSwap/blob/f2b3d82c8ed0d61cfd99621fea8cca6a798c9ead/BNBETH/SwapPair.sol
In total, 1 issue was reported, including:
- 0 high severity issues.
- 0 medium severity issues.
- 0 low severity issues.
- 1 owner privileges issue.
- Owner can change company fee.
- Owner can change factory contract to the new contract.
- Owner can change validator contract.
- Owner can change Oracle contract.
Since the correctness of token swapping relies completely on the Validator response, and the Validator contract relies on the Oracle response, the owner may change those contracts to make swapping unfair (or steal money).
The developer said that the voting contract will be used as an owner to reduce fraud risks and remove key ownership manipulation.
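A minimal sketch of the kind of vote-gated owner the developer describes, added here as an example; it is not SmartSwap's voting contract and not code from the audited repository. The contract name, its functions and the compiler version are assumptions, and it assumes ownership of the audited contracts is transferred to it so that every owner-only change (fee, factory, validator, oracle) must pass a quorum before it is forwarded.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0; // assumed compiler version, not taken from the audited repo

// Hypothetical vote-gated owner: it holds the owner role of other contracts
// and forwards an owner-only call only after `quorum` distinct voters approve it.
contract VotingOwner {
    mapping(address => bool) public isVoter;
    uint256 public immutable quorum;
    mapping(bytes32 => uint256) public approvals;
    mapping(bytes32 => mapping(address => bool)) public voted;
    mapping(bytes32 => bool) public executed;

    event Approved(bytes32 indexed id, address indexed voter);
    event Executed(bytes32 indexed id, address target, bytes data);

    constructor(address[] memory voters, uint256 quorum_) {
        require(quorum_ > 0 && quorum_ <= voters.length, "bad quorum");
        for (uint256 i = 0; i < voters.length; i++) {
            // Distinct, non-zero voters only, so the quorum cannot be met by one key.
            require(voters[i] != address(0) && !isVoter[voters[i]], "bad voter");
            isVoter[voters[i]] = true;
        }
        quorum = quorum_;
    }

    // A proposal is identified by the exact call it would make; the nonce lets
    // the same change be proposed again later under a fresh id.
    function proposalId(address target, bytes calldata data, uint256 nonce) public pure returns (bytes32) {
        return keccak256(abi.encode(target, data, nonce));
    }

    function approve(address target, bytes calldata data, uint256 nonce) external {
        require(isVoter[msg.sender], "not a voter");
        bytes32 id = proposalId(target, data, nonce);
        require(!voted[id][msg.sender], "already voted");
        voted[id][msg.sender] = true;
        approvals[id] += 1;
        emit Approved(id, msg.sender);
    }

    // Anyone may trigger execution, but only once and only after quorum.
    function execute(address target, bytes calldata data, uint256 nonce) external {
        bytes32 id = proposalId(target, data, nonce);
        require(approvals[id] >= quorum, "quorum not reached");
        require(!executed[id], "already executed");
        executed[id] = true; // set before the external call to block re-entry
        (bool ok, ) = target.call(data);
        require(ok, "owner call failed");
        emit Executed(id, target, data);
    }
}
```

The `Approved` and `Executed` events give off-chain monitoring a record of every pending and completed owner-level change.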
The smart contract contains only a low severity issue.