The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

  • Hacken
  • Blog
  • Case Studies
  • Dexalot DEX Smart Contracts Audited by Hacken

Dexalot DEX Smart Contracts Audited by Hacken

By Malanii Oleh

Share via:

Dexalot, a decentralized crypto exchange, underwent a smart contract audit at the beginning of 2023. The audit was conducted by Hacken, a trusted blockchain security auditor. The audit was prompted by the importance of trust and safety in the exchange’s business, as its smart contracts govern customers’ funds. In addition, the audit was necessary due to the internal compliance requirements of Dexalot that all products on the mainnet production environment must be audited.

About Dexalot

Dexalot is a non-custodial central limit order book DEX, bringing the traditional centralized exchange experience to the next level through decentralized on-chain applications. The project went live in 2021 within the Avalanche ecosystem, one of the fastest smart contract platforms, and moved to its own Avalanche Subnet in February 2023. No wonder the DEX positions itself as “secure, fast, and low cost.” 

Dexalot crypto facts:

  1. The current mcap of Dexalot token ($ALOT) is $7.4M.
  2. $ALOT is listed on CoinGecko and CoinMarketCap.
  3. Important player in the Avalanche ecosystem.
  4. Supports CORE, MetaMask, Trust, Coinbase, and WalletConnect.
  5. Major presence in Turkey, France, the United States, and India.

The Team

Dexalot’s developer team consists of 2 back-end, 2 front-end,1 smart contract/back-end, and 1 infrastructure engineer. Additionally, Dexalot is a rare case where co-founders Cengiz Dincoglu and Nihat Gurmen are tech people who actually wrote the smart contracts that have been live for almost 2 years. Cengiz, who built multiple electronic trading systems during his Wall Street career, is responsible for the overall architecture and still writes code for any trading-related components. Nihat oversees the front-end and the infrastructure as well as contributes to smart contract development.  

Strategic Considerations for the Client

Cengiz Dincoglu, co-founder of Dexalot, said, “We created the next-generation crypto trading platform: A secure central limit order book that looks and feels like centralized exchanges but runs on the blockchain. We already have $1M average daily volumes, and our goal is to go multi-chain and increase our volumes to $5M/day within the next 6 months.”

The app existed on the Avalanche C-Chain between Dec 2021 and Feb 2023 with a single-chain smart contract architecture that was audited by Hacken as well. Their multi-chain architecture (patent pending) exists on both the Avalanche C-Chain (Mainnet) and Dexalot Subnet (Subnet) and is designed to allow the deployment of deposit contracts to any L1 (host) chain. The funds are locked on the host chain, and the trading and bookkeeping of token balances occur seamlessly on the subnet. All the transactions are recorded on-chain, so absolutely no room for error is allowed for Dexalot’s system. Moving to an application-specific Subnet also allowed for lowering transaction costs to sub-penny, mitigating the risk of ​​slippage or custody risk and avoiding gas spikes and system slowness caused by unrelated L1 applications. Their team had the solution at the end of 2022, but they needed a reputable auditor to verify its security.

The Road to Audit

Trustlessness is the cornerstone of decentralized finance—trust in technology, not parties. Trustless code execution is instrumental to succeeding as a DEX.

Dexalot C-level managers understand the blockchain fundamentals. For them, trustless is a demand. To that end, the audit was not the result of an incident; it was always planned as a necessary step in the development process. The client’s system was audit–ready. Hence, they were able to get the highest results for security, code quality, and test coverage.

Dexalot audit score

  • Security: 10/10.
  • Code Quality: 9/10.
  • Test coverage:  96%
  • Documentation Quality: 10/10.
  • Final Score: 9.8/10

See the full Report.

Achieving Max Security is Hard but Possible

Elements of success. The case of Dexalot demonstrates the importance of remediation checks, communication, and a bit of patience. Reviewing every aspect of the ERC20 token and the on-chain exchange took us two months and five reviews.

Every next review builds on top of the previous. The preliminary audit was far from groundbreaking, but it allowed our auditors to get to know the client’s system better. Once that was settled, we managed to verify their business logic. With every subsequent iteration, we were able to detect important-to-fix issues.

Audit Outcomes For Dexalot. The only high item was a potential reputation issue that allowed Dexalot admins to cancel unfulfilled outstanding orders at the end of a token auction in sequence. This functionality could technically have been used in live order books and not just in auction order books. Dexalot team decided to change the business logic and only allow to cancel from the bottom of the book and never from the top of the book. This implementation eliminated the potential risk to reputation and trust. Besides tangible benefits, Dexalot rightfully receives additional security recognition by being ‘Proofed by Hacken“., CoinGecko, and CoinMarketCap all accept the Hacken standard for smart contract auditing.

The Power of Word-of-Mouth

Dexalot found Hacken through a referral from Avalanche. Hacken and Avalanche have been strategic partners since 2022. We help make AVAX projects more resilient to exploits. Contact us today to learn more about securing your Avalanche project.

The Beauty of a DEX

A decentralized exchange is rightfully the only real manifestation of a trustless and decentralized blockchain, unlike a CEX. Cryptocurrency transfers are reflected on the chain.

Nevertheless, in addition to smart contracts security, front-end/back-end and infrastructure security holes are unacceptable for Dexalot. For that reason, the team has two public bug bounty programs at HackenProof: one for web and mobile and the other for smart contracts. This way, Dexalot utilizes the power of the community to defend its DEX smart contrast, infrastructure, load balancers, and off-chain components.

A bug bounty program is the most cost-effective solution for active community-led protection because you only pay for detected bugs. On top of that, HackenProof Triage verifies each bug for scope and severity.


In summary, Dexalot’s decision to undergo a smart contract audit by Hacken was an essential step in ensuring the security and trust of its customers. The team made relevant changes to the codebase and design that resulted in high security. The company’s goal of creating a decentralized exchange that offers the same experience as centralized exchanges while maintaining the utmost security is exciting and will undoubtedly appeal to many cryptocurrency traders. Hacken will support Dexalot in its exciting mission.

Hacken’s cooperation with Dexalot proves that dedication makes a difference. Thanks to their hard work, continuous improvement, unwavering commitment, and trust in decentralization, Dexalot has achieved remarkable success in ensuring the security of their smart contracts.

subscribe image
promotion image

Subscribe to our newsletter

Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.

Read next:

More related
  • Blog image
    Ensuring the Integrity of VeChain’s Account Abstraction Layer: A Case Study Malanii O.
  • Blog image
  • Blog image

Get our latest updates and expert insights on Web3 security