KyberSwap Elastic – Security Audit

Summary

KyberSwap Elastic is an automated market maker (AMM) implementation that allows liquidity providers to concentrate their liquidity in a certain price range.

The most critical audit subjects are functional correctness, external dependency integration, and protection against adversarial agents. We found and reported some deviations from functional correctness. Regarding external dependency integration, we found a minor mismatch with the standard. Lastly, bugs that limited the AntiSniping (aka JIT liquidity provision) protection were reported.

The general audit subjects covered include trustworthiness, documentation, and gas efficiency. Regarding trustworthiness, while pools are not upgradable, certain system parameters, such as whitelisted position managers, can be set only by the privileged ConfigMaster role holder. We found certain parts of the documentation that could be improved so that other projects can better integrate with the Kyber Network protocol. Lastly, minor possible improvements to gas efficiency were reported.

In summary, we find that the codebase at the last version commit in Scope provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. Since the protocol logic is quite sophisticated, techniques such as property-based testing and formal verification can bring valuable additional assurance. They complement but don’t replace other vital measures to secure a project.

About KyberSwap Elastic

“Kyber Network is an on-chain liquidity protocol that aggregates liquidity from diverse sources for the best prices, enabling decentralized token swaps to be integrated into any application. Using this protocol, developers can build innovative payment flows and applications, including instant token swap services, decentralized payments, and financial DApps — helping to build a world where any token is usable anywhere.

Kyber is the most used and integrated protocol in decentralized finance (DeFi), with over US$1 billion worth of transactions facilitated since its inception. Kyber supports over 80 different tokens, and powers over 100 integrated projects including popular wallets Trust, Enjin, Argent, Eidoo, and the HTC Exodus smartphone, as well as DeFi platforms Nuo, DeFiSaver, InstaDApp, Set Protocol, Melon, and many others.”

(Source: Kyber Network media kit, April 2021)

With their thorough and high quality audits, ChainSecurity has been one of Kyber Network’s primary auditors for years now. We look forward to continuing our partnership with them for many more years to come as we keep growing the frontiers of blockchain.
Loi Luu, CEO of Kyber Network