Blockchain security review

Atato has been contracted by for a smart contract security review. is developing a decentralized digital assets exchange and has applied for a digital asset Broker license under the definitions of The Kingdom of Thailand’s Royal Decree on Digital Assets Business. As part of the broker license attribution by the Securities and Exchange Commission of Thailand, a security assessment of some of the Ethereum smart contracts should be conducted. has contracted Atato to conduct the initial security review.

To check the full report please see here:

Review Methodology


The security review conducted doesn’t replace a full security audit of the overall technology infrastructure. Its scope is limited to the KULAPDex.sol smart contract, and to some aspects of the smart contract itself. Security best practices strongly recommend that conduct a full security audit of the on-chain and off-chain components of their infrastructure, and the interaction between the two.


The security review covers the following components of the platform:

– Smart contracts, in particular:
    – KULAPDex.sol
    – Commit deab1f6
    – Reference file

– Imported associated smart contracts, in particular OpenZeppelin smart contracts:
    – openzeppelin-solidity/contracts/utils/ReentrancyGuard.sol
    – openzeppelin-solidity/contracts/math/SafeMath.sol
    – openzeppelin-solidity/contracts/ownership/Ownable.sol
    – Commit 58a3368
    – Reference tree

– Helpers and interfaces, in particular:
    – ./helper/ERC20Interface.sol
    – ./interfaces/IKULAPTradingProxy.sol
    – ./interfaces/IKULAPDex.sol
    – Commit deab1f6
    – Reference tree

– Compilation and testing environment, in particular:
    – .mocharc.json
    – .waffle.json
    – Commit deab1f6
    – Reference tree

The security review covers the following:

– Solidity best practices, including:
    – Documentation
    – Linting
    – Compiler warnings
    – Unused code sections
    – Todo comments
    – Test instructions
    – Tests execution
    – Testing dependencies

– Automated analysis, including:
    – Assertions and property checking
    – Byte-code safety
    – Authorization controls
    – Control flow
    – ERC standards compliance
    – Solidity coding best practices


The following tools and material were used in conducting the review:

– Smart Contract Weakness Classification and Test Cases

– ConsenSys Smart Contract Best Practices

– MythX Professional Edition Subscription

– MythX Python CLI
