ZEUS DEX | SUPPORT

Audit - Mythril

Security Audit Report for StakeV2Contract using Mythril 0.24.8

Summary of Findings

The security audit of the StakeV2Contract using Mythril revealed several issues, categorized according to the Smart Contract Weakness Classification (SWC) Registry. The findings range from naming convention inconsistencies to missing zero-checks on critical parameters.

Low Severity Issues

1. Missing Zero-Check (SWC-104)

Impact: Low; Confidence: Medium

  • Description: Certain functions lack zero-address checks for critical parameters, which could lead to vulnerabilities if a zero address is passed.

  • Affected Code:

    • StakeV2Contract.constructor

    • StakeV2Contract.setTreasuryAddress

  • Recommendation: Implement zero-address checks (require(_address != address(0))) to ensure that critical addresses are not set to the zero address.

Informational Issues

2. Boolean Comparison with Constant (SWC-128)

Impact: Informational; Confidence: High

  • Description: Several functions in the contract perform unnecessary boolean comparisons with constants such as true or false. This is redundant and could be simplified.

  • Affected Code:

    • require(isDepositPaused == false, "Deposit is paused");

    • require(isStakeUnlocked(internalId) == true, "Given Stake is not available for withdrawal yet");

  • Recommendation: Simplify the boolean checks by removing comparisons with constants. For example, replace require(condition == true) with require(condition).
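Added example, not the audited StakeV2Contract source or any Zeus DEX code: a minimal Solidity sketch that applies both recommendations above, the zero-address checks in the constructor and setTreasuryAddress and the simplified require conditions. The owner check, storage layout, native-token staking, 30-day lock, 1% treasury fee and the setDepositPaused function are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added sketch, not the audited StakeV2Contract source. Owner model, storage layout,
// native-token staking, 30-day lock, 1% fee and setDepositPaused are assumptions.
contract StakeSketch {
    struct Stake { address staker; uint256 amount; uint256 unlockAt; }
    address public immutable owner;
    address public treasuryAddress;
    bool public isDepositPaused;
    Stake[] public stakes;

    constructor(address _treasury) {
        // Zero-check: a mistyped deployment argument fails here, not at the first payout.
        require(_treasury != address(0), "Treasury is zero address");
        owner = msg.sender;
        treasuryAddress = _treasury;
    }

    function setTreasuryAddress(address _treasury) external {
        require(msg.sender == owner, "Not owner");
        // Zero-check: otherwise later fee transfers would go to address(0) and be lost.
        require(_treasury != address(0), "Treasury is zero address");
        treasuryAddress = _treasury;
    }
    function setDepositPaused(bool paused) external {
        require(msg.sender == owner, "Not owner");
        isDepositPaused = paused;
    }
    function isStakeUnlocked(uint256 internalId) public view returns (bool) {
        return block.timestamp >= stakes[internalId].unlockAt;
    }

    function deposit() external payable {
        require(!isDepositPaused, "Deposit is paused"); // was: isDepositPaused == false
        stakes.push(Stake(msg.sender, msg.value, block.timestamp + 30 days));
    }

    function withdraw(uint256 internalId) external {
        // was: isStakeUnlocked(internalId) == true
        require(isStakeUnlocked(internalId), "Given Stake is not available for withdrawal yet");
        Stake storage s = stakes[internalId];
        require(s.staker == msg.sender, "Not staker");
        uint256 amount = s.amount;
        s.amount = 0; // clear the stake before the external calls below
        uint256 fee = amount / 100;
        (bool feeOk, ) = treasuryAddress.call{value: fee}("");
        (bool payOk, ) = msg.sender.call{value: amount - fee}("");
        require(feeOk && payOk, "Transfer failed");
    }
}
```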

Conclusion

The StakeV2Contract contains some issues flagged by Mythril, including missing zero-checks and redundant boolean comparisons. While no high-severity vulnerabilities were identified, addressing the low-severity and informational issues will enhance the overall security and maintainability of the contract.

Recommendations

  • Implement zero-address checks to prevent critical vulnerabilities.

  • Simplify boolean comparisons to improve code clarity.

  • Review and adhere to Solidity coding standards to maintain best practices.


Disclaimer: This audit is based on the contract code and tools used at the time of the audit. Future updates or changes to the contract could introduce new risks. The audit does not guarantee the absence of vulnerabilities.


Last updated 9 months ago