Security Audit Report for YPool Smart Contract


XY Finance is a cross-chain interoperability protocol aggregating DEXs & Bridges. With the ultimate routing across multi-chains, borderless and seamless swapping is just one click away. The core contract covered in this audit includes YPool. The iterative audit covers the code in the initial version, as well as subsequent versions to fix discovered issues, as detailed in our audit report. Please note that external dependencies are assumed reliable and are therefore excluded from the audit scope. Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations. In summary, we did not find any critical issues within the audited codebase. However, we have identified three non-critical issues that should be addressed. Additionally, we have put two recommendations to further strengthen the code logic. It is important to note that the scope of our audit was strictly limited to the specific code versions mentioned in the report. Any updates made subsequent to our review would require a re-evaluation.


In total, we find 3 potential issues in the smart contract. We also have 2 recommendations and 0 notes, as follows:

High Risk: 0
Medium Risk: 1
Low Risk: 2
Recommendation: 2
Note: 0
ID Severity Description Category Status
1 Low Possible Loss with Incorrect Call Sequence DeFi Security Fixed
2 Medium Arbitrary External Calls with NO Access Control DeFi Security Fixed
3 Low Lack of Checks on Parameters of the multiswap() Function DeFi Security Confirmed
4 - Fix Typos in Variables and Function Names Recommendation Fixed
5 - Give Concrete Revert Messages Recommendation Fixed

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!