ApeSwap is a decentralized exchange (DEX) built on the Binance Smart Chain (BSC). It allows users to buy and sell tokens using BSC's faster and cheaper transaction fees. ApeSwap provides a platform that offers a comprehensive suite of tools. These tools give users the ability to explore and engage with features that are related to wealth-building. ApeSwap started as a PancakeSwap fork but quickly evolved into a huge ecosystem of tools and solutions. Some of the tools are Swap, Liquidity Generation, Stake, Lend and borrow, and IDO.
According to CoinMarketCap stats, ApeSwap has listed thousands of token pairs. The listed tokens produce more than 20 million daily trading volume. It is currently counting more than 50 million worth of tokens locked. These numbers are making ApeSwap one of the most popular Decentralized platforms in the BSC network.
ApeSwap operates as a decentralized exchange (DEX). That means that it is a cryptocurrency exchange that operates without a central authority. It allows users to trade cryptocurrencies directly with one another, rather than going through a central intermediary such as a traditional exchange.
In a decentralized exchange, the most common type of trade is called a “pair contract”. This is a smart contract that allows users to trade one cryptocurrency for another. The core functionality of ApeSwap is the pair generators and the swap contracts. The pair generators consist of two files. The pair factory contract and the pair instances. Cyberscope’s audit security assessment scope was to check and review the pair generator functionality.
Pair contracts are generally created by the DEX and are stored on a blockchain. They contain the rules for the trade, such as the exchange rate and the amount of cryptocurrency that can be traded. When a user wants to make a trade, they interact with the pair contract by sending the appropriate amount of cryptocurrency to the contract. The contract then executes the trade and sends the corresponding amount of the other cryptocurrency to the user.
ApeSwap contracts are open source and publicly available to any user. Cyberscope team was assigned to audit the swap-core repository that implements the pair contracts.
Auditing a Pair contract is a challenging task by definition. When it comes to ApeSwap, the difficulty is increased dramatically since it is one of the most popular decentralized exchanges (DEX) in the Binance Smart Chain (BSC) network. Thousands of users are using the application and the underlying Pair contracts daily.
The pair smart contracts are deployed on the blockchain, which means that they are immutable and cannot be changed once they are deployed. This can make it difficult to fix errors or vulnerabilities that are discovered during the audit process.
Auditing a DEX pair contract like ApeSwap’s pairs requires a high level of expertise in both smart contract development and blockchain technology. It is important for the audit to be thorough and to identify any potential issues or vulnerabilities that could impact the security and reliability of the contract.
The audit assessment was broken down into smaller steps in order to make the process clear and error-proof. A team of Cyberscope security experts proceeded with the audit.
Initially, the auditors generated assisting material from the static analysis. This involves the execution of internal tools that have been implemented to assist the auditors. Some of the material that is produced includes dependency graphs, functions visibility, access roles, and findings that can be discovered from the static analysis.
The implementation of pair contracts had become well-known from the Ethereum Uniswap DEX. Later it was adopted by PancakeSwap in the BSC network. The legacy implementations have created a bibliography of documents and pre-existing audit assessments. Cyberscope auditors are always up to date with the latest technologies, all the blockchain patterns, implementations, and known vulnerabilities. Using their expertise, in the second step of the assessment, the auditors cross-checked all the latest patterns and best practices that could be used to assist in auditing the swap-core repository of ApeSwap.
Then, the auditors peer-reviewed each other findings and suggestions in order to correlate the findings. The correlated findings were then merged to produce the final audit delivery, which can be found here: https://github.com/cyberscope-io/audits/blob/main/apeswap/audit.pdf
Auditing a decentralized exchange (DEX) is important for several reasons. First and foremost, an audit helps to ensure the security of the exchange by identifying any vulnerabilities that may exist. This is especially important for ApeSwap, which operates on a decentralized platform, as any security vulnerabilities could potentially be exploited by malicious actors.
Additionally, an audit can help to increase the transparency and trustworthiness of the exchange. By conducting an independent review of the exchange's code and operations, users can have greater confidence that the exchange is operating in a fair and transparent manner. Auditing the ApeSwap helped to protect users' assets, ensure the integrity of the exchange, and build trust in the platform.
Cyberscope experts are always ready to consult and audit a smart contract by carefully reviewing the code to ensure that it is free of vulnerabilities and follows industry best practices. They can also test the contract by executing it in a simulated environment and verifying that it behaves as expected. Additionally, they can review the contract's deployment and management processes to ensure that it is secure.
If you want to learn more about our methodology feel free to contact us at: [email protected].