Venus Protocol SwapRouter Audit by OpenZeppelin

OpenZeppelin conducted an audit of Venus Protocol’s SwapRouter from May 15th to June 1st, 2023. The scope of the audit encompassed several contracts in the VenusProtocol/venus-protocol repository, including SwapRouter.sol, RouterHelper.sol, IRouterHelper.sol, IVBNB.sol, IVtoken.sol, and others.

Venus SwapRouter is an adaptation of the PancakeSwap V2 PancakeRouter, broadening user interactions by integrating Venus markets. This allows operations like supplying collateral and repaying debt with tokens different from the underlying asset, by utilizing PancakeSwap to exchange tokens for the required asset before executing supply or repay operations. The SwapRouter contract relies on a collection of supporting libraries to ensure correct interactions with PancakeSwap V2 pools.

The security model of the SwapRouter assumes that PancakeSwap V2 pools and Venus markets operate as intended according to their contract specifications. The contract does not hold user funds but may have user approvals. There is one privileged role in the contract, which can change the vBNB address and transfer inadvertently sent ERC-20 tokens out of the SwapRouter contract.

The audit identified a total of eight issues, seven of which have been resolved. None of the issues were of critical, high, or medium severity, with two low-severity issues noted. These low-severity issues were related to missing docstrings in various parts of the codebase and instances where BNB could become locked in the SwapRouter contract. Both of these issues have been resolved as of the audit report.

Additional notes were made regarding misleading docstrings, potential improvements to naming conventions, missing convenience functions, confusing use of ETH and BNB in comments and function names, lack of SPDX license identifiers, and opportunities to reuse code from PancakeRouter functions.

Overall, the audit reflects positively on the Venus Protocol SwapRouter, with most identified issues being low-severity and subsequently resolved.
