Security Audit Report for DeltaTrade


DeltaTrade is a multi-chain decentralized trading protocol that enhances user capabilities with sophisticated on-chain trading strategies such as Grid Trading, DCA, Rebalancing Grid, MultiChain Support, OrderBook, Full Platform Market Making and AI Powered Strategy. It is designed to deliver a straightforward and intuitive user experience, making it exceptionally accessible for retail traders. The core contracts covered in this audit include DeltaTrade contracts in the code repository. The iterative audit covers the code in the initial version, as well as subsequent versions to fix discovered issues, as detailed in our audit report. Please note that external dependencies are assumed reliable and are therefore excluded from the audit scope. Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations. In summary, we have found that the codebase contains ten high-risk issues that require prompt attention and we have identified nine medium-risk issues and seven low-risk issues that should be considered. In addition, we have put four recommendations to further strengthen the code logic, along with three notes that should be taken into consideration. It is important to note that our audit covers only the final reported versions of the codebase. Any subsequent updates would require a re-evaluation.


In total, we find 26 potential issues in the smart contract. We also have 4 recommendations and 3 notes, as follows:

High Risk: 10
Medium Risk: 9
Low Risk: 7
Recommendation: 4
Note: 3
ID Severity Description Category Status
1 Medium Incorrect Error Message in Function create_bot() DeFi Security Fixed
2 High Incorrect Target Address of Callback Function DeFi Security Fixed
3 Low Lack of Storage Release DeFi Security Fixed
4 Medium Lack of Attached Transfer Fee DeFi Security Confirmed
5 Low Lack of Check for the Parameter valid_until_time DeFi Security Fixed
6 Low Lack of Check for the Parameter slippage DeFi Security Confirmed
7 Medium Unrefunded Storage Fee DeFi Security Fixed
8 Medium Lack of Attached Storage Fee in Function add_refer() DeFi Security Fixed
9 Medium Inappropriate Refund Mechanisms DeFi Security Confirmed
10 High Incorrect refund balance in Function after_wrap_near_for_create_bot() DeFi Security Fixed
11 High Lack of Check in function close_bot() DeFi Security Fixed
12 High Lack of State Rollback in Callback Function DeFi Security Confirmed
13 Low Redundant Refund Logic in Function internal_check_bot_amount() DeFi Security Fixed
14 High Lack of Proper Handling of Token Decimals DeFi Security Fixed
15 Low Gas Waste due to Redundant Checks in Function internal_create_bot() DeFi Security Confirmed
16 Medium Unreasonable Logic in Function internal_check_near_amount() DeFi Security Confirmed
17 Low Incorrect Revenue Token Returned in Forward Order DeFi Security Fixed
18 High Function token_storage_deposit() Fails to Deposit Storage Fees DeFi Security Fixed
19 Low Lack of Check on Parameter in Function token_storage_deposit() DeFi Security Fixed
20 High Incorrect Storage_Key in Function internal_add_refer_recommend_user() DeFi Security Fixed
21 Medium Unrefunded Near Due to WNEAR is Not in Whitelist DeFi Security Fixed
22 High Incorrect Storage Fee Logic (I) DeFi Security Fixed
23 High Incorrect Storage Fee Logic (II) DeFi Security Fixed
24 Medium Incorrect Logic in Function internal_check_near_amount() DeFi Security Fixed
25 Medium Lack of Storage Fee in Function taker_orders() DeFi Security Fixed
26 High Grid_Bot Will Never Start Due to Incorrect Parameters DeFi Security Fixed
27 - Redundant Code Recommendation Fixed
28 - Redundant Implementation of NEAR Transfer Recommendation Fixed
29 - Lack of Minimum Value Check for taker_order.amount_sell Recommendation Fixed
30 - Lack of Check Parameter in Function set_refer_fee_rate() Recommendation Fixed
31 - Centralization Risks Note
32 - Delayed Activation of grid_bot Due to Volatile Price Fluctuations Note
33 - Storage Usage for Token Never Released Note

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!