Odradev/Casper- Trade - Casper Association

1. Introduction

Casper Association engaged Halborn to conduct a security assessment of the Casper Trade smart contracts, beginning on November 6th, 2025 and ending on November 14th, 2025. This security assessment was scoped to the smart contracts in the casper-trade GitHub repository based on the Odra framework version 2.4.1.

The engagement involved a detailed, line-by-line security review of all core modules that compose the Casper Trade DEX, a Uniswap V2–style automated market maker (AMM) implemented in Rust for the Casper network. The assessment included review of the Factory, Pair, and Router modules, as well as auxiliary components such as the Callee interface, SampleToken (CEP-18 implementation), utility helpers, and CLI deployment scripts.

2. Assessment Summary

Halborn's team of blockchain security specialists conducted a rigorous smart contract audit of the Casper Trade DEX architecture. The review was performed over a 9-day period by experts in Web3 security and Rust-based frameworks for Casper. The primary goal was to evaluate the security and correctness of the AMM core logic, pair creation flow, liquidity management, and routing mechanisms.

In summary, Halborn identified some improvements to reduce the likelihood and impact of risks, which have been completely addressed by the Odra team. The main ones were the following:

• Add strict access control to set/update the protocol fee receiver (and validate the destination), emit events, and add tests to prevent unauthorized fee redirection/theft.

• Enforce a canonical token order (e.g., sort by address) or remap inputs before computing shares/reserves to prevent reserve mismatches and price distortion.

• Validate create_pair inputs to reject zero or identical token addresses and revert with explicit errors, plus unit tests.

• Add decimal-adjustment getters and unique LP token identifiers to ensure correct TWAP interpretation and distinguishable liquidity tokens across pairs.

• Replace misleading authorization errors with explicit ones, standardize pair labeling to match canonical token order, and add clear revert messages in the initial mint.

• Emit events for critical operations such as skim and fee updates to enhance auditability, monitoring, and protocol transparency.

3. Test Approach and Methodology

Halborn employs a combined approach of manual code review and automated security testing to ensure a comprehensive and practical evaluation of smart contract security and correctness. Manual review focuses on identifying logic flaws, process weaknesses, and unsafe assumptions, while automated tools provide broad coverage and static analysis support.

The following phases and tools were utilized during the assessment:

• Research and documentation review to understand the Odra architecture, DEX purpose, and module relationships.

• Manual inspection of Rust source code for all key modules (Factory, Pair, Router, Callee, SampleToken, utils).

• Manual validation of state variables, entry points, and Odra annotations.

• Verification of cross-module call integrity and state consistency during liquidity and swap operations.

• Review of arithmetic operations, invariant maintenance (K-product), and price accumulator updates.

• Automated static scanning of dependencies using cargo audit and code hygiene checks.

• Analysis and execution of existing unit and integration tests to confirm functional behavior.