About the code review with XDFI
The XDFI smart contracts form the base of a decentralized trading protocol on the Flare Network, allowing users to trade futures contracts in a non-custodial and trustless environment. Users deposit FLR tokens into the contract, which escrows matched Long and Short positions and disburses funds based on Flare Time Series Oracle (FTSO) price data at settlement. Compliance is ensured through a KYC process, in which users receive a non-transferable KYC Token that is required for trading. The contract also features an automated price-matching engine that connects users with counterparties, supporting both market and limit orders for futures trading.
The FYEO Process
When FYEO performs an assessment, we focus on the code committed at a specific point in time, when the code base is feature complete.
Our goal is to give our clients the following:
A better understanding of their security posture, helping them identify current and future risks in their deployed chain and contract infrastructure.
An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.
Identification of potential issues, including loss-of-funds scenarios, together with improvement recommendations based on the results of our assessment.
A better understanding, for the development team, of how to write and maintain more secure code. The incremental increase in security is part of the overall increase in the quality of the project.
Findings and Report
During the Security Code Review of XDFI, we discovered:
4 findings with HIGH severity rating.
2 findings with INFORMATIONAL severity rating.
During the review, the XDFI team was quick to address and remediate all findings. A public version of the report is available below.