Smart Contract Audit | June 12, 2023 | 4 min read

Ensuring Security with Smart Contract Audits: A Case Study with Deflex

Dive into this guide on how Ulam Labs enhanced Deflex's blockchain security. You'll learn about smart contract audits, the challenges they faced, and how they were resolved for safer trading.

Introduction

In the ever-evolving world of blockchain technology and cryptocurrencies, ensuring the security and integrity of digital assets is of utmost importance. This blog post delves deep into the meticulous smart contract audit undertaken by Ulam Labs for Deflex, a robust set of protocols designed for optimized trading on Algorand. This case study reveals the exhaustive process followed by Ulam Labs and the findings that ensued.

Deflex's Smart Contract Architecture

Deflex is an innovative suite of protocols tailor-made to optimize trading on Algorand. It consists of two separate protocols: the Order-Router Protocol and the Limit-Order Protocol. The Order-Router Protocol maps the optimal route for asset swapping, implementing combo swaps and multi-hop swaps to ensure efficient trading. The Limit-Order Protocol allows users to execute orders at a predetermined market rate, paving the way for on-chain, decentralized limit orders.

Deflex’s Security Audit by Ulam Labs

For their second audit, Deflex entrusted Ulam Labs to ensure the security of user transactions. Our meticulous auditing process brought three key findings to light. Although these didn't pose a direct threat to user funds, they were vital for enhancing the platform's overall security and user experience.


The Auditing Process: A Rigorous Methodology

At Ulam Labs, we hold fast to a systematic and straightforward approach when executing audits. The process commences with an exhaustive code review to uncover any potential vulnerabilities and inefficiencies. Our team of experts dives into the complex mechanics of both protocols, anticipating potential pitfalls and rehearsing simulated attack vectors. This isn't a cursory check; rather, we place every line of code, each operation, and all possible transaction pathways under a microscope, ensuring an in-depth understanding and precise evaluation.

Unveiling Vulnerabilities: What We Found and What They Mean

During the assessment, Ulam Labs identified three significant findings. Let's delve into these discoveries and understand their implications:

1. Order Router can be Permanently Blocked by any User

Tagged with high severity and now fixed, this vulnerability involved the router contract. There was a loophole where the minimum balance could be increased permanently, causing the contract to fail. When the minimum balance surpassed 0.9 ALGOS, the router could no longer function, potentially causing a denial of service for about 24 hours. Upon identifying this issue, Ulam Labs recommended checking the minimum balance at the end of the transaction, effectively mitigating this issue.
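The minimum-balance mechanism behind finding 1, as an added illustration written for this post rather than Deflex's or Ulam Labs' code: Algorand raises an account's minimum balance by 100,000 microAlgos for every asset the account opts into, so a router that opts into caller-chosen assets can have its minimum balance ratcheted up permanently. The guard models the audit's recommendation of checking that value at the end of the transaction; the router account, the swap model and the asset ids are constructed, and the 0.9 ALGO cap is the figure the audit names.

```python
# Added example (not Deflex's or Ulam Labs' code): a minimal model of
# Algorand's account minimum-balance rule and the end-of-transaction
# guard the audit recommended for the router contract.
BASE_MIN_BALANCE = 100_000        # microAlgos, every Algorand account
PER_ASSET_OPT_IN = 100_000        # microAlgos added per ASA the account holds
ROUTER_MIN_BALANCE_CAP = 900_000  # 0.9 ALGO, the threshold named in the audit


class RouterAccount:
    """Constructed stand-in for the router app's escrow account."""

    def __init__(self):
        self.assets = set()  # asset ids the account has opted into

    def min_balance(self):
        # Opt-ins are permanent unless the asset is closed out, so this
        # value only grows as more assets are added.
        return BASE_MIN_BALANCE + PER_ASSET_OPT_IN * len(self.assets)


def route_unguarded(router, assets_to_opt_in):
    """Vulnerable shape: opt into whatever assets the caller routes through.
    Returns the resulting minimum balance, which nothing bounds."""
    for asset_id in assets_to_opt_in:
        router.assets.add(asset_id)
    return router.min_balance()


def route_guarded(router, assets_to_opt_in):
    """Hardened shape: do the work, then assert on the minimum balance at
    the end of the transaction. On Algorand a failed assert rejects the
    whole atomic transaction, so the state change is rolled back here."""
    before = set(router.assets)
    for asset_id in assets_to_opt_in:
        router.assets.add(asset_id)
    if router.min_balance() > ROUTER_MIN_BALANCE_CAP:
        router.assets = before  # transaction fails, state reverts
        return False
    return True
```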

2. Anyone can Manipulate Registry App State

This medium severity issue, still open at the time of reporting, involved the registry app. An anomaly was discovered where users could create an invalid limit-order app and then update this app to a legitimate limit order app, thus bypassing some steps usually performed during opt-in at the registry app. Though this flaw's direct impact isn't devastating, it could indirectly inflate statistics by merely paying transaction fees. The recommended solution is to authenticate an address during application creation, ensuring the app never updates if the approval program doesn't allow it.

3. Order Matching Bots Cannot Trust Limit Order Apps

This issue of medium severity, which remains unresolved at the time of the report, relates to a potential lack of reliability in the limit order apps utilized by order matching bots. Given a prior problem, the status of the limit order app, as recorded in the registry app, could be questionable. This uncertainty complicates the task of order processing for bots. The goal is to avert scenarios where bots engage in transactions destined to fail due to this uncertainty. Therefore, a thorough review of the code is advised to confirm that no baseless assumptions have been made regarding the contract code.

Key Takeaways and Observations

While some vulnerabilities were discovered, the Deflex contracts are, in general, well-designed. The use of PyTeal provides the necessary checks to keep user funds safe, and the idea of authentication using an approval program shows ingenuity, but the overlooked attack vectors need to be addressed.

In this audit, the severity classification was inspired by the Immunefi Vulnerability Severity Classification System - v2. Despite the challenges, the contract exhibits promising potential once these vulnerabilities are addressed. The recommendations made by Ulam Labs aim to safeguard against any potential fallout from these vulnerabilities.

Through this audit, Ulam Labs has proven its commitment to fortifying the integrity of Deflex contracts, delivering valuable insights that will guide the Deflex team towards a more secure future.

The Imperative Nature of Smart Contract Auditing

Smart contracts underpin the functionality of any blockchain application. But, like any software, they're prone to vulnerabilities and bugs. To ensure secure transactions and robust functionality, smart contract audits are critical. They're akin to an insurance policy, providing an extra layer of security that fosters trust among users and the platform.

Why Opt for Ulam Labs for Your Smart Contract Audit?

Ulam Labs offers an extensive range of blockchain services, including smart contract audits. Our team of experienced professionals adheres to rigorous processes, identifying potential vulnerabilities, and providing insightful reports to enhance platform security. Our clients' trust in our services is a testament to our commitment to securing the blockchain ecosystem.

Conclusion

This case study encapsulates Ulam Labs' dedication to securing blockchain applications. Our comprehensive auditing, thorough reports, and insightful solutions aim to fortify the blockchain ecosystem. If you're seeking a trustworthy partner for your smart contract security, Ulam Labs is ready to assist, ensuring top-notch security and trust in your platform.

For more technical details, we invite you to take a look at the full audit report we provided for Deflex. It includes an in-depth analysis of the findings, their impacts, and proposed solutions. The report also highlights that none of the findings presented a critical severity rating, thus underlining the quality and security of Deflex's smart contracts.

About author

Elena Beliaeva-Baran
