Fortifying the security of Oku Trade's Uniswap v3 and Chainlink-based on-chain limit orders

DeFi
Uniswap
Chainlink

Oku Trade is a no-fee DeFi trading platform driven by a $1.6m grant from the Uniswap Foundation and built by the GFX Labs team to directly bring the most advanced trading experience to Uniswap v3 markets across Ethereum, Polygon, Arbitrum, and Optimism.

Traditional DEX interfaces offer a minimal view of the market and the assets that users are trading. With Oku, every Uniswap v3 pool, token, and position is indexed to display past orders, charts, and more, keeping traders informed before executing a swap. Traders can also place on-chain limit orders and create positions seamlessly on the platform.

May 17, 2023
May 31, 2023

The Challenge

Oku Trade was looking for a reliable security partner to enhance the security of their new Uniswap v3 Limit Orders, a protocol leveraging Chainlink automation to extend the functionality of Uniswap v3 by allowing users to place limit orders as liquidity positions in a given underlying Uniswap v3 pool across Ethereum, Polygon, Optimism, and Arbitrum.

Through a UI familiar to centralized exchanges, the new Oku update aimed to leverage the properties of single-sided Uniswap v3 liquidity positions with hyper-reliable Chainlink Automation infrastructure to offer on-chain limit orders. These orders would allow users to apply specific conditions to trading pools for enhanced control over their trading strategies.

Due to the complexities involved with limit orders, liquidity pools, and Chainlink Automation infrastructure, Oku’s team needed a security partner with proven experience in improving the security of Uniswap and Chainlink-based integrations and protocols.

Cyfrin's Solution

Two of Cyfrin’s co-founders come from the Chainlink ecosystem, so Cyfrin was perfectly positioned for a thorough review of the Oku protocol, which leverages Chainlink automation functions to perform trades.

Our auditors’ deep knowledge of Chainlink meant we could jump quickly into the codebase, be better aware of its potential and limitations, ask more thoughtful questions, and examine edge cases we wouldn’t likely have thought of otherwise.

Cyfrin seamlessly integrated with Swell’s team, ensuring prompt support and communication through technical and mitigation assistance.

The team produced architecture analysis and diagrams and carried out invariant tests, pattern mapping, entry point stress testing, stateful fuzzing, and a manual review. Lead security researchers performed this work and reviewed all protocol features and entry points, including storage mappings, data structures, user functions, and external protocol dependencies.

Impact

Enhanced Protocol Security

Although Oku had previously been audited in a comprehensive security review by another industry-leading auditing company, which highlighted several security vulnerabilities, the Cyfrin team identified many additional findings, which the Oku Trade team promptly addressed.

Full Mitigation Support

Oku received comprehensive mitigation support from Cyfrin, including swift responses to security issues uncovered during the audit and expert guidance on necessary fixes. This support enabled Oku to efficiently address all concerns without hindering its operations, showcasing Cyfrin's dedication to client security and its proactive stance in ensuring the success of its customers.
