Apr 5, 2023
Apr 26, 2023
Sudoswap, a leading NFT marketplace designed for creators and collectors, leveraged Cyfrin’s security expertise to ensure a scalable, sustainable, and secure experience beyond the scope of the review.
0xmons, Sudorandom Labs
Sudoswap is an NFT marketplace that aims to provide a Uniswap-like experience for NFT collectors and creators. It allows the creation of AMM trading pools while enabling users to selectively buy, swap, filter, and sell various types of collectible tokens.
Designed to cater to creators and collectors, Sudoswap is built as a set of open-source and extensible smart contracts, providing creators with native revenue-sharing capabilities and selective property-checking pools.
Beyond royalties, Sudoswap v2 introduces Creator Settings, a new type of smart contract with parameters decided by the NFT creator. This feature lets creators offer a reduced royalty in return for a share of trading fees earned by liquidity pools.
Despite Sudoswap being previously audited in a comprehensive security review by another top smart contract auditing company, which yielded several security vulnerabilities, our team at Cyfrin was able to raise many additional findings - one of which was present in a version of the protocol already deployed on mainnet.
Here you can read the full Sudoswap security report.
Auditors and auditing companies often overlook core integrations and out-of-scope smart contracts, which makes security reviews of protocols like Sudoswap challenging and inaccurate. Cyfrin's goal of providing maximum security coverage for its customers is achieved by investing time and effort in thoroughly exploring the entire protocol's architecture, regardless of the review scope.
This understanding helps identify potential attack vectors that may exist for the contracts in production that are within the scope of the review.
Despite Sudoswap being previously audited in a comprehensive security review by other industry-leading blockchain security firms, Cyfrin was chosen as the auditor for the Sudoswap sudoAMM v2 smart contracts due to its strong reputation for meticulous and comprehensive audits.
With a proven track record of uncovering issues that others have overlooked, the decision for the Sudoswap team has been straightforward, making Cyfrin the ideal partner to ensure the security and integrity of Sudoswap's protocol and its groundbreaking technological introductions.
Uncovering an Out-of-Scope Mainnet Bug
Sudoswap v2 introduced a new unified Router responsible for handling all swap types with all the various standards, and an efficient method for handling partial fills when buying/selling multiple items from the same pool.
A version of the previous Router, which allows splitting swaps across multiple pairs to purchase and sell multiple NFTs in one call, was already deployed to the mainnet as part of Sudoswap v1. When reviewing the old router as part of our context-gathering efforts, the Cyfrin team was able to find a bug in which slippage protection was handled as well as another problematic function allowing to swap NFTs for any ETH-priced NFT.
A vulnerability resulting in the locking of user funds with high impact and likelihood. If the problematic functions were integrated into a UI, then this would have been evaluated as CRITICAL, but given that the current integrations significantly reduced the likelihood, we assessed the severity as HIGH.
"We believe in leaving no stone unturned. Our detailed process reflects our intention to uphold the highest quality standards when it comes to security reviews." - Giovanni Di Siena, Lead Auditor
Our Auditing Process
To ensure a comprehensive and qualitative security review, and uncover the highest possible number of vulnerabilities, Cyfrin dedicates to each audit a team of 2 or more rigorously non-anonymous and highly achieving senior security researchers.
The incredible results achieved while auditing the SudoSwap protocol, have been made possible by the commitment of Cyfrin to going the extra mile for its customers to ensure maximum security, transparency, and future sustainability of the project, going out of boundaries, if necessary, to ensure full understanding of the protocols and the reliability of the systems in scope.
On top of the involvement of a world-wide recognized, experienced, and battle-tested auditing team, our team involved a proprietary security review technique named Divergence Converge model, designed, tested, and made public by lead auditor Hans Friese - where members allocated to the security review, individually study the protocol to then converge (normally around the midway point) to exponentiate their findings and thought processes.
The discovery of a bug in production mainnet code further underscores the value of considering the broader context while auditing smart contracts. Even while the finding was technically beyond the scope of our original audit, the Cyfrin team its discovery, and resolution helped to prevent a potential unexpected loss of users' funds. For this reason, we at Cyfrin often recommend clients undergo a crowdsourced competitive audit following private time-boxed security reviews.