H-X Technology Audit: How DX25 Is Setting New Heights in DeFi Security

DX25Labs
4 min readSep 4, 2023

--

Security is a non-negotiable in the volatile landscape of decentralized finance (DeFi). Rising hack incidents make it imperative for platforms to up their game. DX25, a budding decentralized exchange, didn’t just rest on its laurels. We brought in seasoned auditors from H-X Technologies to rigorously examine their smart contracts.

General Overview

DeFi is shifting the paradigms of traditional finance. But let’s be real. The field is young and fraught with risks. Security audits like the one DX25 commissioned are a critical line of defense against potential vulnerabilities.

What’s a Smart Contracts Audit?

Smart contracts are not impervious to bugs or security lapses. They operate on a blockchain, where changes are nearly impossible once deployed. This is where audits come in.

An audit is essentially a deep dive into the smart contract’s code. Auditors scrutinize it to identify weak spots that could be manipulated. These audits are not just a cursory glance. They involve exhaustive tests, both automated and manual, using attack simulations and other tools.

Who Are H-X Technologies?

Founded in 2016, H-X Technologies isn’t your run-of-the-mill cybersecurity firm. They bring years of diversified experience to the table. Their team holds top certifications in the field, adding legitimacy and rigor to their audit processes.

When they audited DX25, they applied their gold-standard methodologies to ensure the platform adhered to the strictest of security norms.

An Audit Conclusion

Note: In this section, you can read a squeeze of information from the H-X audit in our treatment for easier understanding. You may also scroll this article all the way down to the end and find a link to the full audit.

DX25’s smart contract was put through a comprehensive security audit by H-X Technologies. This was more than just a box-ticking exercise. It was a deep dive involving multiple testing layers and code review. The auditors did identify some minor issues but found no critical vulnerabilities.

The audit was an eye-opener. It allowed DX25 to resolve the identified issues swiftly, thereby fortifying the platform’s overall security architecture. This audit was a statement from DX25, not just about compliance but also its focus on transparency and user trust.

In-Depth Manual Analysis and Developer Commentary

The audit performed by H-X Technologies extended beyond automated checks, also incorporating a rigorous manual analysis. While no critical issues were found, the auditors did identify several low-risk and informational concerns. Here are some of the noteworthy points:

F-1 Potential Lack of Check

The init_wegld method was found to lack an ensure_payable_api_resumed check. Though this was identified as a low-risk issue, H-X Technologies recommended incorporating the check for better code robustness. The DX25 developers noted that the method can only be invoked once and doesn’t affect token balances, making the scenario practically impossible.

F-2 Unnecessary Double-Check

The init_wegld method included a redundant verification step, limiting the ability to call the method solely to the owner of the smart contract. This was also identified as a low-risk issue. The auditors suggested removing this redundant check to optimize the code. The DX25 team highlighted the risk of having methods perform these actions without adequate checks and cited WASM build size constraints.

F-3 Unnecessary Argument Passing

During smart contract initialization, certain arguments like fee_rates were unnecessarily passed, given that they faced a strict check eliminating their variance. The developers explained that this was done for future-proofing the contract.

F-4 Missing Cargo Overflow Checks

An informational finding was identified where Cargo.toml did not include the overflow-checks=true option, leading to potential issues in release builds. A recommendation was made to include this check to prevent unforeseen application behavior.

While these were generally low-risk or informational, their identification and the subsequent dialogue between the auditors and the DX25 team improved the project’s overall code quality and security posture.

Conclusion

In the dynamic world of DeFi, security is a paramount concern. DX25’s decision to undergo a thorough audit by H-X Technologies underscores its commitment to ensuring a safe and seamless user experience. The audit revealed that DX25 meets and strives to exceed industry standards, swiftly addressing any issues identified.

For a deeper understanding of how DX25 is setting new benchmarks in DeFi security, we highly recommend perusing the full Audit Report:

https://download.h-x.technology/assurance/H-X-Report-on-DX25-SC-audit-for-Tacans.pdf

--

--

DX25Labs

DX25 is a powerful, single-pool multi-fee concentrated liquidity, margin & derivative trading DEX 🚀 Powered by MultiversX (Elrond) blockchain.