As a responsible and reliable project, Mate considers cybersecurity a top-priority property that it has to provide to its customers.
To make sure that the assets of MateDEX users are strongly secured, the company initiated an independent external audit. After thorough research, we decided to contract Hacken, a leading cybersecurity consulting company with an essential focus on blockchain security.
Under this audit the following contracts were reviewed and tested:
Audit results by Solidity Finance can be found here:
Hacken has conducted a Smart Contract Code Review and Security Analysis. They scanned these smart contracts for commonly known and more specific vulnerabilities. Here are some of the commonly known vulnerability classes and checks that were considered:
- Ownership Takeover
- Timestamp Dependence
- Gas Limit and Loops
- DoS with (Unexpected) Throw
- DoS with Block Gas Limit
- Transaction-Ordering Dependence
- Style guide violation
- Costly Loop
- ERC20 API violation
- Unchecked external call
- Unchecked math
- Unsafe type inference
- Implicit visibility level
- Deployment Consistency
- Repository Consistency
- Data Consistency
- Business Logics Review
- Functionality Checks
- Access Control & Authorization
- Escrow manipulation
- Token Supply manipulation
- Assets integrity
- User Balances manipulation
- Data Consistency manipulation
- Kill-Switch Mechanism
- Operation Trails & Event Generation
The Hacken team performed a functional analysis of the code, a manual audit, and automated checks with Mythril and Slither. All issues found during automated analysis were manually reviewed. As a result of the audit, security engineers found only 1 medium and 2 low severity issues. According to the assessment, Mate’s smart contracts are secure.
No critical issues were found.
No high severity issues were found.
Tests could not be run.
Recommendation: make sure all tests can be executed and that there is a script or description of how to run them. Also, ensure that the tests cover at least 95% of code branches.
- Block timestamp
Dangerous usage of block.timestamp. block.timestamp can be manipulated by miners, and some contracts rely entirely on it.
Contracts: UniswapHandler.sol, OrderBook.sol, MateCore.sol
Recommendation: consider relying on block.number instead.
- A public function that could be declared external
Public functions that are never called from within the contract should be declared external to save gas.
Contracts: StakingPool.sol, OrderBook.sol
Functions: enter, leave, getOrder
Recommendation: use the external visibility for functions that are never called from within the contract.
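As an added illustration of the two low-severity findings above (a constructed example, not MateDEX's or Hacken's code; the contract and function names are assumptions), here is an order-expiry check before, relying on block.timestamp, and after, relying on block.number, with the function that is never called internally declared external:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: a limit-order expiry check as the audit findings describe it.
// Before: expiry is compared against block.timestamp, a value the block producer
// sets within the bounds the network tolerates, so an order close to its deadline
// can be made to look expired or still live at the producer's choice.
contract OrderExpiryTimestamp {
    struct Order { address maker; uint256 expiresAt; bool filled; }
    mapping(uint256 => Order) public orders;

    function place(uint256 id, uint256 lifetimeSeconds) external {
        orders[id] = Order(msg.sender, block.timestamp + lifetimeSeconds, false);
    }

    // public although nothing inside the contract calls it (second finding)
    function isExpired(uint256 id) public view returns (bool) {
        return block.timestamp >= orders[id].expiresAt; // producer-influenced
    }
}

// After: expiry is tied to block.number, which a producer cannot skip or
// reorder, so the deadline follows chain progress rather than a clock value.
// Caveat: block intervals vary, so a deadline in blocks is only an
// approximation of wall-clock time; choose the lifetime accordingly.
contract OrderExpiryBlockNumber {
    struct Order { address maker; uint256 expiresAtBlock; bool filled; }
    mapping(uint256 => Order) public orders;

    function place(uint256 id, uint256 lifetimeBlocks) external {
        orders[id] = Order(msg.sender, block.number + lifetimeBlocks, false);
    }

    // external: never called from within the contract, saves gas on the call
    function isExpired(uint256 id) external view returns (bool) {
        return block.number >= orders[id].expiresAtBlock;
    }
}
```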
Smart contracts within the scope were manually reviewed and analyzed with static analysis tools. As a result of the audit, security engineers found 1 medium and 2 low severity issues.
Hacken is a leading cybersecurity consulting company with an essential focus on blockchain security. Hacken Cybersecurity Services is a part of Hacken Group, which includes CER.live, HackenAI, and HackenProof. Since June 2020, CER.live has been the sole cybersecurity data provider for the CoinGecko Trust Score.
If you are interested in seeing their previous work, you can check out their audit portfolio or social channels:
MATE is a DEX that enables traders to maximize their trade returns through limit orders that guarantee trade execution without exposing their assets to unpredictable slippage.