Back to Overview

1inch – Limit Order Settlement Security Audit

Summary

The most critical subjects covered in our audit are functional correctness, security of the assets and the accounting of the balances.

The general subjects covered are design, efficiency and documentation. While the Settlement system may protect from MEV done by the block producers, orders may be observed/rearranged on another level. The staking is only used as a barrier of entry and does not ensure that a resolver follows the protocol rules as stated in the documentation.

Detailed documentation / specification and documentation explaining the interactions between the components, especially with the limit order protocol was largely missing during the review. This review was done based on our understanding of the system as in the System Overview of this report for which we did not receive a confirmation of 1inch.

In summary, we find that the codebase in its current state provides a satisfactory level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About 1inch – Limit Order Settlement

In Limit Order Settlement resolvers settle orders of users. Major advantages this system offers include MEV protection and gasless swaps for the creator of the order. Resolvers should be whitelisted, in order to join this whitelist sufficient stake of 1inch tokens must be allocated to the resolver. The staking and delegation make use of the new proposed ERC20Pods extension.

“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”

#Source