Tegro, a Gen2 DEX, merges centralized speed with decentralized security, revolutionizing DeFi via advanced orderbooks, gasless quotes, rapid executions, and robust MEV protection.
The Tegro Gen2 Decentralized Exchange offers efficient orderbooks, gasless quotes, and a lightning-fast matching engine capable of settling up to 500K trades per second. Features include Binance-like APIs, up to 3X gas savings, MEV resistance, and custody-less trading directly from personal wallets, all of which enhance trading efficiency and security.
Tegro is a Gen2 DEX that merges the speed and efficiency of centralized platforms with the security and autonomy of decentralized systems, enabling high-frequency on-chain trading at scale. Revolutionizing the DeFi landscape, Tegro offers an advanced order book system with gasless quotes, rapid trade executions, robust MEV protection, and crucially, custody-less fund transfers. Enhanced by lightning-fast orders and up to a 3x reduction in gas fees, alongside API bot access akin to platforms like Binance or Coinbase, Tegro combines the performance of a CEX with the trust of a DEX. This platform caters to retail traders and is the go-to solution for traders who demand precision, speed, and security in their on-chain interactions.
The security of Tegro DEX was thoroughly audited, revealing several areas needing enhancement to bolster both functionality and safety.
One notable issue was a calculation error in the `_calculateTotalPrice()` function of the TegroDEX.sol contract. Transaction totals involving tokens with different decimal places were calculated inaccurately, potentially affecting financial accuracy. To remedy this, we suggested revising the calculation to align with `quoteTokenDecimals`, ensuring accuracy in transaction values.
Another critical area was the use of unfixed Solidity versions, which could lead to inconsistencies and vulnerabilities when deploying contracts. By recommending the use of a specific, tested compiler version, we aimed to stabilize the deployment environment.
Additionally, we identified a lack of expiry timestamps in orders, which could lead to outdated orders being executed unintentionally. Introducing an expiry timestamp feature would add a layer of security by ensuring that only current transactions are processed.
These enhancements, among others, are instrumental in maintaining the integrity and reliability of Tegro DEX, making it a safer platform for users to engage in decentralized trading.
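The three recommendations above, combined in one sketch. This is an added illustration, not code from TegroDEX.sol or the audit report: the contract name, struct layout, function names, error name, and the assumed units of `price` and `quantity` are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
// Added illustration; not Tegro's code. All identifiers here are hypothetical.
// Pinned compiler version instead of a floating range such as ^0.8.0, so the
// bytecode that was tested is the bytecode that gets deployed.
pragma solidity 0.8.24;

contract OrderChecksSketch {
    struct Order {
        uint256 price;      // assumed unit: quote-token base units per one whole base token
        uint256 quantity;   // assumed unit: base-token base units
        uint8 baseDecimals; // decimals() reported by the base token
        uint64 expiry;      // unix timestamp after which the order must not settle
    }

    error OrderExpired(uint64 expiry, uint256 currentTime);

    /// Total cost of the order, expressed in quote-token base units.
    function totalPrice(Order memory o) public pure returns (uint256) {
        // price * quantity is scaled by (quoteDecimals + baseDecimals).
        // Dividing by 10**baseDecimals, taken from the token itself rather
        // than a hard-coded constant, leaves a value scaled by quoteDecimals
        // for any pair of token decimals. Multiplication comes first to keep
        // precision; checked arithmetic in 0.8.x reverts on overflow.
        return (o.price * o.quantity) / (10 ** uint256(o.baseDecimals));
    }

    /// Rejects stale orders before any amount is computed or settled.
    function checkedTotal(Order memory o) external view returns (uint256) {
        if (block.timestamp > o.expiry) {
            revert OrderExpired(o.expiry, block.timestamp);
        }
        return totalPrice(o);
    }
}
```

For the expiry check to bind the maker, the `expiry` field has to be part of the data the maker signs; otherwise whoever relays the order could alter it.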
We prioritize threat modeling based on Tegro-specific risks, adopting a security-first approach to identify and mitigate vulnerabilities beyond mere functionality testing. Combining white-box and black-box tests, we conduct comprehensive vulnerability assessments. We ensure transparent and open communication with the Tegro team throughout the audit. Emphasizing clarity, we deliver actionable insights for effective issue resolution.
During the audit of Tegro's primary contracts—TegroDex and TegroDEX Settlement—we uncovered various issues categorized by severity, including one medium severity issue, three low severity issues, and five informational severity issues. Key findings included:
To address the discovered issues, we recommended specific remediations that Tegro implemented, significantly bolstering the contracts' security and functionality:
These measures have profoundly improved Tegro's smart contract ecosystem, ensuring enhanced security, operational clarity, and trust from its users.
The Tegro project underscores the importance of security in the rapidly evolving world of blockchain technology. It highlights the value of smart contract audits in identifying and mitigating potential vulnerabilities. But most importantly, it showcases how, through successful collaboration, we can enhance security, build trust, and pave the way for a safer and more secure digital future.