To check the full report please see here:
Review Methodology
Overview
This security review does not replace a full security audit of the overall Kulap.io technology infrastructure. Its scope is limited to the KULAPDex.sol smart contract, and only to some aspects of that contract. Security best practices strongly recommend that Kulap.io conduct a full security audit of the on-chain and off-chain components of its infrastructure, and of the interaction between the two.
Scope
The security review covers the following components of the Kulap.io platform:
– Kulap.io smart contracts, in particular:
  – KULAPDex.sol
  – Commit deab1f6
  – Reference file https://github.com/kulapio/dex-smart-contract/blob/deab1f6c0d3b66056fb562a57bc031f38356b67d/contracts/KULAPDex.sol
– Imported associated smart contracts, in particular OpenZeppelin smart contracts:
  – openzeppelin-solidity/contracts/utils/ReentrancyGuard.sol
  – openzeppelin-solidity/contracts/math/SafeMath.sol
  – openzeppelin-solidity/contracts/ownership/Ownable.sol
  – Commit 58a3368
  – Reference tree https://github.com/OpenZeppelin/openzeppelin-contracts/tree/v2.5.0
– Kulap.io helpers and interfaces, in particular:
  – ./helper/ERC20Interface.sol
  – ./interfaces/IKULAPTradingProxy.sol
  – ./interfaces/IKULAPDex.sol
  – Commit deab1f6
  – Reference tree https://github.com/kulapio/dex-smart-contract/tree/deab1f6c0d3b66056fb562a57bc031f38356b67d/contracts
– Compilation and testing environment, in particular:
  – .mocharc.json
  – .waffle.json
  – package.json
  – Commit deab1f6
  – Reference tree https://github.com/kulapio/dex-smart-contract/tree/deab1f6c0d3b66056fb562a57bc031f38356b67d/contracts
The security review covers the following:
– Solidity best practices, including:
  – Documentation
  – Linting
  – Compiler warnings
  – Unused code sections
  – Todo comments
  – Test instructions
  – Tests execution
  – Testing dependencies
– Automated analysis, including:
  – Assertions and property checking
  – Byte-code safety
  – Authorization controls
  – Control flow
  – ERC standards compliance
  – Solidity coding best practices
Tools
The following tools and material were used in conducting the review:
– Smart Contract Weakness Classification and Test Cases
– ConsenSys Smart Contract Best Practices
– MythX Professional Edition Subscription
– MythX Python CLI