B005: Audit Scopes

Forked Code

SushiSwap Code
  • Uniswap V2 AMM: Contract filename structure (XERC20.sol, XFactory.sol, XPair.sol, XRouter.sol) & notion of token0 and token1 etc. within code.
  • Balancer V1 AMM: Contract filename structure (XPool.sol, XConst.sol XMath.sol etc.) & notion of denormalizedWeight and normalizedWeight along with bind / unbind / rebind functions.
  • Compound Governance: Presence of Timelock.sol, thoroughly documented code for the Proposal struct & castVote / castVoteBySig functions.
  • SushiSwap Staking: Chef contract suffix, UserInfo & PoolInfo and deposit, withdraw & emergencyWithdraw functions.
PancakeSwap Code

Scope Depth Level

  • Multiple “import” statements that are not of a well-known library (OpenZeppelin)
  • Total contract length, per-function length, per-function total code paths (if-else chains, for loops etc.), and per-function state mutability
  • Naming notions (i.e. “Oracle”, “Staking”, “Pool”, “Strategy” etc.)
  • ERC Standards (i.e. “ERC20”, “ERC721” etc.)

Documentation & Test Coverage

Conclusion

--

--

--

A Solidity security auditor keen to share his knowledge.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Streamlining DevOps using Cycle and CI/CD pipelines

Tracking Inventory in the Wild™ Maximizes Your Inventory Investment — #1 Cloud Inventory® Software…

Post-agile process agnosticism

Command-Line Subcommands with Python’s argparse

Guide for beginner Web Developer Enthusiastic

Announcing the Launch of the ALPACA Governance Vault! Higher APYs for ALPACA holders!

DANTE NETWORK

Company Update: November/December 2018

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alex Papageorgiou

Alex Papageorgiou

A Solidity security auditor keen to share his knowledge.

More from Medium

Web 2 and Web 3, What Makes them Different?

Novon: Docking into Xord

Chainlink Labs Telegram AMA with Labs Group | December 23, 2021

Cross-chain next generation oracle solution

Cross-chain next generation oracle solution