Adex Platform Audit

Dean Eigenmann
ZK Labs
Nov 30, 2017


The ZK Labs auditors were hired by the Adex team to conduct 2 separate audits of their platform, which can be found in the Adex GitHub repository. The team audited the smart contract versions found at commit 6ecc86b2a3c3594569e3df9936f6b356b0f42d1e.

The 2 separate reports written can be found here.

The Adex team wrote their smart contracts to a very high standard, which led to the ZK Labs team finding no severe issues. However, we were able to make a few suggestions.

Suggestions like naming and wrapping function calls in require were resolved by the team.

Suggestions

  • Wrap all token transfer & transferFrom function calls in a require, to support older versions of ERC20 tokens which do not throw.
  • Replace occurrences of send with transfer.
  • Variable name in the ADXExchange contract can be removed.
  • Function ordering should be cleaned up to match Solidity's style guide.
  • Comments listing where function, event and modifier definitions are seem rather useless.
  • Consider summarizing “Links on publisher” and “Links on advertiser” into a common struct, so that the struct Bid contains advertiser and publisher fields that are both structs holding the specific info. This can be done because the info on both sides is the same, except for slot and unit, and for these the enum can be used to specify what type of data it is.
  • Consider changing the description comments above functions to NatSpec-conforming comments.
  • Make modifier names more descriptive.
  • Change var to an explicit type; this increases legibility and ease of understanding.
  • Remove the underscores from parameter names where they are not necessary.
  • The logic is identical to that found in cancelBid, consider expanding the permissions in the cancelBid function to allow for both the advertiser and the publisher to cancel, eliminating the need for this function.
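
The first suggestion, shown as an added example (not code from the Adex repository or the audit reports): LegacyToken and Escrow are constructed, hypothetical contracts written for a current ^0.8 compiler. The token returns false on failure instead of throwing, so only the require-wrapped deposit keeps the internal balance consistent with the tokens actually received.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: an older-style ERC20 token that signals failure by
// returning false instead of throwing.
contract LegacyToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1000; }

    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        if (balanceOf[from] < value || allowance[from][msg.sender] < value) {
            return false; // no revert: the caller must check the result
        }
        allowance[from][msg.sender] -= value;
        balanceOf[from] -= value;
        balanceOf[to] += value;
        return true;
    }
}

// Hypothetical escrow used for illustration; this is not the ADXExchange code.
contract Escrow {
    LegacyToken public token;
    mapping(address => uint256) public deposited;

    constructor(LegacyToken legacyToken) { token = legacyToken; }

    // Unchecked: a failed transferFrom is ignored and the depositor is
    // still credited, so `deposited` can exceed the tokens held.
    function depositUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        deposited[msg.sender] += amount;
    }

    // Checked: a false return value reverts the whole call, so no credit
    // is recorded unless the tokens actually moved.
    function depositChecked(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        deposited[msg.sender] += amount;
    }
}
```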

Minor issue

There is nothing that prevents the advertiser and publisher from being the same person; maybe this should be checked for.

Conclusion

No severe issues were found; however, suggestions were made to adhere to best practices.
