Dexlyn

We express our gratitude to the Dexlyn team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

The Dexlyn Perpetual DEX is a sophisticated decentralized derivatives trading platform built on the Supra blockchain using the Move programming language. This project enables users to trade perpetual futures contracts with leverage, providing advanced trading features including market and limit orders, stop-loss/take-profit mechanisms, automated liquidations, and real-time price oracle integration. The system consists of comprehensive Move smart contracts handling trading logic, position management, fee distribution, house liquidity provision, and risk management, supported by a high-performance Rust-based keeper service that monitors blockchain events and executes orders when market conditions are met.

The system users should acknowledge all the risks summed up in the risks section of the report

{Finding_Table?columns=title,severity,status&setting.filter.type=Vulnerability}

Documentation quality

• Functional requirements are partially provided.

• • Use cases are not provided.

  • Infrastructural assumptions and expected behavior are not provided.

• Technical description is  partially provided.

• • Key function descriptions are not provided

Code quality

• The code mostly follows style guides and best practices.

• • See informational findings for more details.

• The development environment is configured.

The Dexlyn Perpetual DEX is a Move-based service that serves as a critical component in the Dexlyn perpetual trading platform. It continuously monitors the blockchain for trading events, executes market and limit orders when market conditions are met, manages stop-loss and take-profit triggers, and handles position liquidations. It contains the following contracts:

• trading.move — Manages the core trading logic for perpetual swaps, including creating orders, managing positions, and handling liquidations.

• fee_distributor.move — Distributes fees collected from trading activities to various stakeholders, including liquidity providers and the development fund.

• price_oracle.move — Provides reliable and up-to-date price feeds for assets, crucial for executing trades and liquidations at accurate prices.

• trading_calc.move — Contains all the complex mathematical calculations required for trading, such as profit and loss (PnL), price impact, and funding rates.

• capability.move — Manages access control and permissions, defining what actions different accounts or contracts are authorized to perform.

• delegate_account.move — Allows users to delegate trading authority to another account, enabling features like copy trading or managed accounts.

• vault.move — Securely holds user funds and assets required for various operations within the decentralized exchange.

• house_lp.move — Manages the liquidity provided by the "house," enabling it to act as the counterparty to all trades on the platform.

• blocked_user.move — Maintains a list of blocked users who are restricted from interacting with the protocol.

• coin_utils.move—Provides utility functions for handling different coin types and converting between coins and fungible assets.

• safe_math.move — Implements safe mathematical operations to prevent overflow and underflow errors in calculations.

• supra_oracle_pull.move — Interacts with the Supra Oracle to pull price data by verifying oracle proofs.

• supra_oracle_storage.move — Stores and provides access to the price feed data obtained from the Supra Oracle.

• managed_trading.move — Provides entry functions to interact with the trading module, allowing users to place and manage their trading orders and positions.

• managed_vault.move — Exposes the entry function to register a new vault type within the vault module.

• managed_house_lp.move — Contains entry functions for liquidity providers to interact with the house_lp module, such as depositing and withdrawing liquidity.

• managed_price_oracle.move — Exposes entry functions for managing and interacting with the price_oracle module, including updating prices and configuring oracle parameters.

• managed_fee_distributor.move — Provides entry functions for the admin to configure and manage the fee distribution settings in the fee_distributor module.

• managed_delegate_account.move — Exposes entry functions for users to manage their delegate accounts through the delegate_account module.

• managed_capability.move — Provides entry functions for managing capabilities and permissions for different accounts within the protocol.

Privileged roles

• The owner of the trading contract can arbitrarily modify critical trading parameters such as fees, leverage limits, and open interest caps, and is therefore entitled to control the fundamental risk and financial model of the exchange at will.

• The owner of the vault contract can register new vaults for different asset types, and is therefore entitled to control which assets are supported for collateral, liquidity, and fee payments within the system.

• The owner of the house_lp contract can arbitrarily modify deposit fees, withdrawal fees, and risk parameters for the liquidity pool, and is therefore entitled to control the profitability and risk exposure of liquidity providers in the system

• The owner of the price_oracle contract can arbitrarily set price feed configurations and authorize which addresses can update asset prices, and is therefore entitled to control the source of truth for asset valuation, a critical component for liquidations and trade execution.

• The owner of the fee_distributor contract can arbitrarily modify fee distribution weights and withdraw accumulated fees, and is therefore entitled to control the allocation of protocol revenue at will.

• The owner of the capability contract can arbitrarily grant powerful permissions to other accounts to act as system executors, and is therefore entitled to control which external actors can perform critical system functions like executing orders.

• The owner of the blocked_user contract can arbitrarily add or remove any address from the contract's blacklist, and is therefore entitled to censor any user and prevent them from interacting with the protocol at will.

• The executor role can:

• • execute market and limit orders

  • trigger stop-loss/take-profit positions

  • perform liquidations

  • update price oracle data

The scope of the project includes the following smart contracts from the provided repository:

Assets in Scope