Dexalot

We express our gratitude to the Dexalot team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Dexalot is an omni-chain, ERC20-less decentralized exchange protocol that operates across multiple EVM-compatible chains including Avalanche C-Chain, Dexalot L1, Arbitrum, Base, and Gunzilla.

The system users should acknowledge all the risks summed up in the risks section of the report

{Finding_Table?columns=title,severity,status&setting.filter.type=Vulnerability}

Documentation quality

• Functional requirements are detailed.

• • Project overview is detailed

  • All roles in the system are described.

  • Use cases are described and detailed.

  • For each contract, all futures are described.

  • All interactions are described.

• Technical description is detailed.

• • Run instructions are provided.

  • Technical specification is provided.

  • The NatSpec documentation is sufficient.

Code quality

• The development environment is configured.

Test coverage

The project demonstrates a high level of automated test coverage. Due to the combined use of Foundry and Hardhat within the same codebase, a single consolidated coverage metric cannot be reliably derived.

• Deployment and basic user interactions are covered with tests.

• Negative cases coverage is present.

• Interactions by several users are tested.

Dexalot is an omni-chain, ERC20-less decentralized exchange protocol that operates across multiple EVM-compatible chains including Avalanche C-Chain, Dexalot L1, Arbitrum, Base, and Gunzilla. The protocol implements a unique architecture where tokens are locked in mainnet Portfolio contracts and their virtual representations are traded on the Dexalot L1 using Central Limit Order Books (CLOB) without deploying ERC20 contracts on the L1.

The system supports multiple cross-chain bridges (ICM - Avalanche's Inter-Chain Messaging and LayerZero) for deposits and withdrawals, enabling users to deposit with one bridge and withdraw with another. The architecture implements gas abstraction through a GasStation contract that automatically swaps deposited tokens for native gas tokens, eliminating the need for users to manage gas tokens on Dexalot L1.

Dexalot also features a Request-For-Quote (RFQ) system for single-chain and cross-chain token swaps using off-chain price discovery from the Dexalot L1 orderbook. Additionally, the protocol introduces OmniVaults - managed vaults that allow automated trading strategies through whitelisted executor contracts.

The protocol aims to provide professional-grade trading with price-time priority orderbooks, maker/taker fee structures with volume-based rebates, auction mechanisms for token launches, and sophisticated inventory management across chains.

Files in Scope

Core Trading Contracts:

• TradePairs.sol - Manages trade pairs with Central Limit Order Books, handling order creation, matching, cancellation, and execution with support for LIMIT/MARKET orders, auction modes, and self-trade prevention (STP).

• OrderBooks.sol - Implements Red-Black-Tree based orderbooks with price-time priority, maintaining buy/sell books for each trade pair.

• PortfolioSub.sol - Dexalot L1 portfolio managing virtual token balances, trade executions, fee calculations, gas abstraction (AutoFill), and withdrawal processing.

• PortfolioSubHelper.sol - Helper contract managing rate overrides, volume-based rebates, admin accounts for rates, and taker fee collectors.

Mainnet Contracts:

• PortfolioMain.sol - Gateway for deposits to Dexalot L1, processes withdrawal messages, maintains ERC20 token mappings, and handles trusted contracts.

• Portfolio.sol - Abstract base contract for portfolio functionality shared between PortfolioMain and PortfolioSub.

Bridge Contracts:

• PortfolioBridgeMain.sol - Bridge aggregator on mainnets supporting multiple bridge providers (ICM, LayerZero), handling cross-chain message encoding/decoding.

• PortfolioBridgeSub.sol - Dexalot L1 bridge aggregator with symbol mapping, inventory management integration, delayed transfers, and dynamic bridge fee calculations.

• DefaultBridgeApp.sol - Abstract base implementation for bridge providers with remote chain configuration.

• ICMApp.sol - Avalanche ICM bridge implementation using Teleporter for inter-chain messaging.

RFQ Contracts:

• MainnetRFQ.sol - Upgradeable RFQ contract for same-chain and cross-chain swaps with signed quotes, slippage protection, and swap queuing.

• DexalotRFQ.sol - Non-upgradeable RFQ contract with immutable swap signer and wrapped native token configuration.

• DexalotRouter.sol - Router contract facilitating aggregator swaps via RFQ order execution with multi-hop swap support.

OmniVault Contracts:

• OmniVaultManager.sol - Manages OmniVaults, handling deposit/withdrawal requests in batches, vault registration, and share token operations.

• OmniVaultCreator.sol - Facilitates vault creation with initial deposits, fee collection, and request lifecycle management.

• OmniVaultExecutor.sol - Executor contract allowing EOA trading bots to interact with whitelisted functions on trusted contracts.

• OmniVaultExecutorSub.sol - Dexalot L1 executor for dispatching assets from OmniVaults back to users.

• OmniVaultShare.sol - ERC20 vault share tokens with LayerZero OFT cross-chain functionality.

• OmniVaultRegistry.sol - Registry for OmniVault contracts and configurations.

Supporting Contracts:

• DelayedTransfers.sol - Implements withdrawal delays and volume caps for security on large transfers.

• InventoryManager.sol - Manages multi-chain token inventory, calculates withdrawal fees based on liquidity distribution.

Libraries:

• UtilsLibrary.sol - Utility functions for byte conversions, decimal handling, and auction mode checks.

• InventoryFeeCalculatorLibrary.sol - Calculates inventory-based withdrawal fees using invariant formulas.

Privileged roles

• TradePairs.sol

• • DEFAULT_ADMIN_ROLE: Can pause/unpause contract, pause/unpause individual trade pairs, add/remove order types, set auction mode/price, set min/max trade amounts, set maker/taker rates, set display decimals, set slippage percent, remove trade pairs, and execute unsolicited cancels.

  • EXCHANGE_ROLE: Can add new trade pairs.

• PortfolioSub.sol

• • DEFAULT_ADMIN_ROLE: Can add/remove tokens, set fee address, set gas station, set treasury, set portfolio minter, set portfolio bridge, set portfolio sub helper, set auction mode, pause/unpause contract, pause deposits, and set bridge parameters.

  • EXECUTOR_ROLE: Can execute trades (addExecution), adjust available balances, set auction mode, and trigger autoFill gas operations.

  • PORTFOLIO_BRIDGE_ROLE: Can process cross-chain transfer payloads (deposits).

  • TRUSTED_TRANSFER_ROLE: Can perform bulk transfers on behalf of other users.

• PortfolioMain.sol

• • DEFAULT_ADMIN_ROLE: Can add/remove tokens, set banned accounts, add/remove trusted contracts, collect bridge fees, set wrapped native, set min deposit multiplier, pause/unpause, and set bridge parameters.

  • PORTFOLIO_BRIDGE_ROLE: Can process cross-chain transfer payloads (withdrawals).

• Portfolio.sol (Base)

• • DEFAULT_ADMIN_ROLE: Can set portfolio bridge, pause/unpause, pause deposits, set bridge parameters, and set L1 decimals.

  • PORTFOLIO_BRIDGE_ROLE: Can set bridge parameters.

• PortfolioBridgeMain.sol

• • DEFAULT_ADMIN_ROLE: Can enable/disable bridge providers, set trusted remote addresses, set default destination chain, set user pays fee settings, set portfolio, set gas airdrop, refund native balance, and enable cross-chain swap destinations.

  • BRIDGE_USER_ROLE: Can pause/unpause, send cross-chain messages (held by Portfolio and MainnetRFQ).

  • BRIDGE_ADMIN_ROLE: Can set bridge parameters on portfolio.

  • BRIDGE_PROVIDER_ROLE: Can process incoming cross-chain payloads (held by bridge app contracts).

• PortfolioBridgeSub.sol

• • DEFAULT_ADMIN_ROLE: Same as PortfolioBridgeMain plus set delayed transfers, set inventory manager, set bridge fee multiplier, set max bridge fee caps, set option gas costs, and set L1 decimals.

  • BRIDGE_USER_ROLE: Can add/remove tokens, send cross-chain messages.

  • BRIDGE_ADMIN_ROLE: Can set bridge fees, execute delayed transfers.

  • BRIDGE_PROVIDER_ROLE: Can process incoming cross-chain payloads.

• DexalotRFQ.sol

• • DEFAULT_ADMIN_ROLE: Can set portfolio bridge, set portfolio main, add/remove admins, add/remove rebalancers, add/remove volatility admins.

  • REBALANCER_ADMIN_ROLE: Can claim/withdraw assets, send token balance, receive native tokens.

  • PORTFOLIO_BRIDGE_ROLE: Can process cross-chain trade payloads.

  • VOLATILITY_ADMIN_ROLE: Can set slippage points.

• DexalotRouter.sol

• • DEFAULT_ADMIN_ROLE: Can set allowed RFQ contracts and retrieve tokens.

• OrderBooks.sol

• • DEFAULT_ADMIN_ROLE: Can set trade pairs contract.

  • EXECUTOR_ROLE: Can add orderbooks, add/remove orders, match trades (held by TradePairs).

• DelayedTransfers.sol

• • DEFAULT_ADMIN_ROLE: Can check thresholds, execute delayed transfers, set delay thresholds, set delay period, set epoch length, set epoch volume caps, update volume.

• InventoryManager.sol

• • DEFAULT_ADMIN_ROLE: Can update PortfolioBridgeSub, set scaling factors, remove scaling factors, update future K value, update K value.

  • PORTFOLIO_BRIDGE_ROLE: Can increment/decrement inventory, remove tokens.

• PortfolioSubHelper.sol

• • DEFAULT_ADMIN_ROLE: Can set min taker rate, add/remove admin accounts for rates, add/remove volume based rebates, add/remove rate overrides, set taker fee collectors.

• OmniVaultManager.sol

• • DEFAULT_ADMIN_ROLE: Can register vaults, pause/unpause vaults, update vault details, add/update token details, pause/unpause contract, set portfolio.

  • SETTLER_ROLE: Can bulk settle deposit and withdrawal requests.

• OmniVaultCreator.sol

• • DEFAULT_ADMIN_ROLE: Can accept and fund vaults, reject vault requests, set fee token, set fee amount, set reclaim delay, withdraw collected fees.

• OmniVaultExecutor.sol / OmniVaultExecutorSub.sol

• • DEFAULT_ADMIN_ROLE: Can set whitelisted functions, set trusted contracts, set portfolio.

  • OMNITRADER_ROLE: Can execute whitelisted functions via fallback, send native, approve tokens, dispatch assets.

• OmniVaultShare.sol

• • owner: Can set OmniVaultManager, configure LayerZero settings.

• ICMApp.sol

• • owner: Can set portfolio bridge, set relayers, add/clear relayers, set gas limits, set native bridge fees.

• DefaultBridgeApp.sol

• • portfolioBridge (modifier): Can send messages and set remote chains.

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope