DESCRIPTION
DeltaTrade is a multi-chain decentralized trading protocol that enhances user capabilities with sophisticated on-chain trading strategies such as Grid Trading, DCA, Rebalancing Grid, MultiChain Support, OrderBook, Full Platform Market Making and AI Powered Strategy. It is designed to deliver a straightforward and intuitive user experience, making it exceptionally accessible for retail traders. The core contracts covered in this audit include DeltaTrade contracts in the code repository. The iterative audit covers the code in the initial version, as well as subsequent versions to fix discovered issues, as detailed in our audit report. Please note that external dependencies are assumed reliable and are therefore excluded from the audit scope. Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations. In summary, we have found that the codebase contains ten high-risk issues that require prompt attention and we have identified nine medium-risk issues and seven low-risk issues that should be considered. In addition, we have put four recommendations to further strengthen the code logic, along with three notes that should be taken into consideration. It is important to note that our audit covers only the final reported versions of the codebase. Any subsequent updates would require a re-evaluation.
KEY FINDINGS
In total, we find 26 potential issues in the smart contract. We also have 4 recommendations and 3 notes, as follows:
| ID | Severity | Description | Category | Status |
|---|---|---|---|---|
| 1 | Medium | Incorrect Error Message in Function create_bot() | DeFi Security | Fixed |
| 2 | High | Incorrect Target Address of Callback Function | DeFi Security | Fixed |
| 3 | Low | Lack of Storage Release | DeFi Security | Fixed |
| 4 | Medium | Lack of Attached Transfer Fee | DeFi Security | Confirmed |
| 5 | Low | Lack of Check for the Parameter valid_until_time | DeFi Security | Fixed |
| 6 | Low | Lack of Check for the Parameter slippage | DeFi Security | Confirmed |
| 7 | Medium | Unrefunded Storage Fee | DeFi Security | Fixed |
| 8 | Medium | Lack of Attached Storage Fee in Function add_refer() | DeFi Security | Fixed |
| 9 | Medium | Inappropriate Refund Mechanisms | DeFi Security | Confirmed |
| 10 | High | Incorrect refund balance in Function after_wrap_near_for_create_bot() | DeFi Security | Fixed |
| 11 | High | Lack of Check in function close_bot() | DeFi Security | Fixed |
| 12 | High | Lack of State Rollback in Callback Function | DeFi Security | Confirmed |
| 13 | Low | Redundant Refund Logic in Function internal_check_bot_amount() | DeFi Security | Fixed |
| 14 | High | Lack of Proper Handling of Token Decimals | DeFi Security | Fixed |
| 15 | Low | Gas Waste due to Redundant Checks in Function internal_create_bot() | DeFi Security | Confirmed |
| 16 | Medium | Unreasonable Logic in Function internal_check_near_amount() | DeFi Security | Confirmed |
| 17 | Low | Incorrect Revenue Token Returned in Forward Order | DeFi Security | Fixed |
| 18 | High | Function token_storage_deposit() Fails to Deposit Storage Fees | DeFi Security | Fixed |
| 19 | Low | Lack of Check on Parameter in Function token_storage_deposit() | DeFi Security | Fixed |
| 20 | High | Incorrect Storage_Key in Function internal_add_refer_recommend_user() | DeFi Security | Fixed |
| 21 | Medium | Unrefunded Near Due to WNEAR is Not in Whitelist | DeFi Security | Fixed |
| 22 | High | Incorrect Storage Fee Logic (I) | DeFi Security | Fixed |
| 23 | High | Incorrect Storage Fee Logic (II) | DeFi Security | Fixed |
| 24 | Medium | Incorrect Logic in Function internal_check_near_amount() | DeFi Security | Fixed |
| 25 | Medium | Lack of Storage Fee in Function taker_orders() | DeFi Security | Fixed |
| 26 | High | Grid_Bot Will Never Start Due to Incorrect Parameters | DeFi Security | Fixed |
| 27 | - | Redundant Code | Recommendation | Fixed |
| 28 | - | Redundant Implementation of NEAR Transfer | Recommendation | Fixed |
| 29 | - | Lack of Minimum Value Check for taker_order.amount_sell | Recommendation | Fixed |
| 30 | - | Lack of Check Parameter in Function set_refer_fee_rate() | Recommendation | Fixed |
| 31 | - | Centralization Risks | Note | |
| 32 | - | Delayed Activation of grid_bot Due to Volatile Price Fluctuations | Note | |
| 33 | - | Storage Usage for Token Never Released | Note |
More details are provided in the audit report.