
Lack of security automation

The GitHub organization appears to lack security-specific automation across its code repositories. While this is not an immediate threat, DexFi may want to consider implementing static code analysis tools, at a minimum, for any code that is pushed. Given the hardcoded secrets currently present, this form of automation will likely have a strong benefit in preventing further occurrences. In addition to stopping hardcoded secrets, automated security scanning can help identify code-level vulnerabilities that might otherwise not be caught by code review.
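One way to implement the push-time secret check recommended above, as an added example that is not part of the original report or DexFi's code: a scanner that inspects only the lines a unified diff adds. The rule names, regexes and entropy threshold are assumptions chosen for illustration.

```python
import math
import re
import sys

# Constructed rules for illustration; a production rule set is much larger.
RULES = {
    "private-key-block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assigned-secret": re.compile(
        r"(?i)\b[\w.-]*(?:secret|token|passw(?:or)?d|api_?key|private_?key)[\w.-]*"
        r"\s*[:=]\s*[\"']([^\"']{12,})[\"']"),
}
ENTROPY_MIN = 3.5  # bits per character; assumed threshold


def shannon_entropy(s):
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_diff(diff_text):
    """Return (file, line_no, rule) for each suspicious line the diff adds."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) - 1
        elif raw.startswith("+"):
            line_no += 1
            for name, rx in RULES.items():
                m = rx.search(raw[1:])
                if not m:
                    continue
                # Placeholders such as repeated characters have low entropy: skip.
                if name == "assigned-secret" and shannon_entropy(m.group(1)) < ENTROPY_MIN:
                    continue
                findings.append((path, line_no, name))
        elif raw.startswith(" "):
            line_no += 1
    return findings


if __name__ == "__main__":
    hits = scan_diff(sys.stdin.read())
    for path, line_no, rule in hits:
        print(f"{path}:{line_no}: possible hardcoded secret ({rule})")
    sys.exit(1 if hits else 0)
```

The script reads a unified diff on standard input and exits non-zero on any finding, so a pre-push hook or CI job can pipe `git diff` output into it and block the change.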

Zellic © 2025