
Assessment Results

During our assessment on the scoped Tradoor contracts, we discovered seven findings. No critical issues were found. One finding was of high impact, one was of medium impact, one was of low impact, and the remaining findings were informational in nature. The high, medium, and low severity issues have been remediated, and the corresponding fix commit links are included in this report for reference.

While our review did not identify any critical severity issues, we believe there are still areas that would benefit from further refinement before the code is moved to production. We recommend developing a more comprehensive test suite and adding clear documentation to improve maintainability, support future reviews, and build trust with end users.

Due to the time-boxed nature of security assessments, there are inherent limitations to the depth and breadth of coverage possible. In this assessment, limited documentation — both within the code and in external resources — made it challenging to fully understand certain design decisions, the intended threat model, and the rationale behind some of the mathematics.

The complex mathematical logic was not clearly explained and required significant time to interpret. In several cases, this led us down investigative paths that ultimately proved unnecessary. More thorough documentation would help avoid such detours and allow a more focused and efficient review.

Additionally, no external documentation was provided at the time of the assessment. As a result, there was often no indication of the roles of certain entities or of the purpose of separating certain roles (e.g., owner from multisig), and no resources were available to answer these questions. Answering them does not directly aid our understanding of the code itself. However, without insight into the developers' intentions, it is difficult to identify in-code mistakes relative to the intended threat model. This is a significant barrier in an assessment.

In particular, it would be valuable to document:

  • All non-trivial math or logic implemented by onchain contracts (pool.tact in particular)

  • The roles of the protocol participants and which actions they are entrusted to perform

  • The security assumptions for off-chain components

Of the code in scope, the jetton contracts received the least coverage. We performed a cursory review of them; however, the pool required significant time and attention and was prioritized.

The test suite is also not comprehensive. This reflects an early stage of development and can hinder understanding during an assessment. In this protocol it is of particular concern given the complexity of the pool and the mathematical logic involved. For our concerns and recommendations regarding the tests, please refer to section ref.

Given the complexity of this protocol, in addition to improving documentation and tests, we strongly recommend a comprehensive assessment of the full protocol, including the offchain executor component. We also recommend setting up a bug-bounty program to maximize the incentives for participating in coordinated bug disclosure.

Zellic © 2025