Prepared by:
HALBORN
Last Updated 06/04/2026
Date of Engagement: May 4th, 2026 - May 18th, 2026
100% of all REPORTED Findings have been addressed
All findings: 27 (Critical: 0, High: 0, Medium: 2, Low: 15, Informational: 10)
Saucerswap Labs engaged Halborn to perform a security assessment of their smart contracts from May 4th, 2026 to May 18th, 2026. The assessment scope was limited to the smart contracts provided to Halborn; commit hashes and additional details are available in the Scope section of this report.
SaucerSwap is a decentralized exchange and DeFi protocol built on Hedera. The audited codebase extends several upstream Uniswap components for the Hedera environment, including a fork of Permit2, a fork of the Universal Router, and a custom UniswapX partial-fill settlement stack. The scoped contracts introduce Hedera-specific support for HTS tokens, native HBAR flows, Permit2 authorization, Universal Router execution, partial-fill limit orders, fee tiers, executor callbacks, and filler validation.
The assessment focused on correctness across these cross-repository boundaries, especially where EVM assumptions interact with Hedera-specific native balance, token association, precompile, wallet-signing, and block-metadata behavior. As an additional scope item, Halborn reviewed the newly introduced Hedera personal-signing path in Permit2 and UniswapX, including compatibility with Hedera Account Service signature verification and coexistence with the existing EIP-712 flow; this additional review was limited to Hedera compatibility and the opt-in personal-signing changes.
Halborn was allocated 10 business days for this engagement and assigned 1 full-time security engineer to conduct a comprehensive review of the smart contracts within scope. The engineer is an expert in blockchain and smart contract security, with advanced skills in penetration testing and smart contract exploitation, as well as extensive knowledge of EVM smart contracts, DeFi protocols, and Hedera-specific smart contract behavior.
The objectives of this assessment were to:
- Identify potential security vulnerabilities within the smart contracts.
- Verify that the smart contract functionality operates as intended.
- Assess the correctness of the Hedera-specific adaptations, including HTS and HBAR accounting, Permit2 authorization, HAS and wallet-signing behavior, Universal Router execution, and partial-fill settlement logic.
In summary, Halborn identified several areas for improvement to reduce the likelihood and impact of security risks, some of which were addressed by the Saucerswap Labs team. The primary recommendations were:
- Replace full-balance native HBAR reads with attributed per-call and per-command accounting so residual router or reactor balances cannot be drained, bridged, or counted as unrelated settlement output.
- Remove permissionless allowance and full-balance executor reserve patterns, and bind executor-held balances to the settlement leg that created them before allowing Permit2 or router consumption.
- Use Hedera-compatible priority-fee and auction calculations that do not rely on block.basefee, which is unavailable on Hedera, and prefer timestamp-based logic where block-number cadence differs from Ethereum assumptions.
- Replace live xSAUCE balance reads for fee-tier discounts with checkpointed, time-weighted, or minimum-holding-duration logic so temporary balances cannot qualify for higher fee tiers within a single transaction.
- Separate fill-state semantics for taker-only and maker-side fills, and prevent shared principalFilled state from letting dust maker fills permanently block takerOnce orders.
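
The first recommendation above, sketched as an added Solidity example; it is not code from the audited repositories or from the Halborn report, and the contract and every name in it (`NativeAccountingSketch`, `Payment`, `sweepWeak`, `executeAttributed`) are hypothetical. It sets a full-balance read beside per-call, per-command accounting bounded by `msg.value`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only: a hypothetical contract, not SaucerSwap code.
contract NativeAccountingSketch {
    struct Payment {
        address payable to;
        uint256 amount;
    }

    error BudgetExceeded(uint256 index, uint256 wanted, uint256 available);
    error NativeTransferFailed();

    // Residual native value can arrive outside any command (refunds, dust).
    receive() external payable {}

    // Weak pattern: the whole contract balance is treated as belonging to
    // the current caller, so residual value left by earlier transactions
    // is forwarded together with this call's own msg.value.
    function sweepWeak(address payable recipient) external payable {
        _send(recipient, address(this).balance);
    }

    // Attributed pattern: the call starts with a budget equal to msg.value,
    // every command is charged against it, and the unspent part goes back
    // to the caller. Residual contract balance is never read or spent.
    function executeAttributed(Payment[] calldata payments) external payable {
        uint256 budget = msg.value;
        for (uint256 i = 0; i < payments.length; ++i) {
            uint256 amount = payments[i].amount;
            if (amount > budget) revert BudgetExceeded(i, amount, budget);
            budget -= amount; // charge the command before the external call
            _send(payments[i].to, amount);
        }
        if (budget > 0) _send(payable(msg.sender), budget);
    }

    function _send(address payable to, uint256 amount) private {
        (bool ok, ) = to.call{value: amount}("");
        if (!ok) revert NativeTransferFailed();
    }
}
```
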
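| EXPLOITABILITY METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Attack Origin (AO) | Arbitrary (AO:A) | 1 |
| Attack Origin (AO) | Specific (AO:S) | 0.2 |
| Attack Cost (AC) | Low (AC:L) | 1 |
| Attack Cost (AC) | Medium (AC:M) | 0.67 |
| Attack Cost (AC) | High (AC:H) | 0.33 |
| Attack Complexity (AX) | Low (AX:L) | 1 |
| Attack Complexity (AX) | Medium (AX:M) | 0.67 |
| Attack Complexity (AX) | High (AX:H) | 0.33 |

| IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Confidentiality (C) | None (C:N) | 0 |
| Confidentiality (C) | Low (C:L) | 0.25 |
| Confidentiality (C) | Medium (C:M) | 0.5 |
| Confidentiality (C) | High (C:H) | 0.75 |
| Confidentiality (C) | Critical (C:C) | 1 |
| Integrity (I) | None (I:N) | 0 |
| Integrity (I) | Low (I:L) | 0.25 |
| Integrity (I) | Medium (I:M) | 0.5 |
| Integrity (I) | High (I:H) | 0.75 |
| Integrity (I) | Critical (I:C) | 1 |
| Availability (A) | None (A:N) | 0 |
| Availability (A) | Low (A:L) | 0.25 |
| Availability (A) | Medium (A:M) | 0.5 |
| Availability (A) | High (A:H) | 0.75 |
| Availability (A) | Critical (A:C) | 1 |
| Deposit (D) | None (D:N) | 0 |
| Deposit (D) | Low (D:L) | 0.25 |
| Deposit (D) | Medium (D:M) | 0.5 |
| Deposit (D) | High (D:H) | 0.75 |
| Deposit (D) | Critical (D:C) | 1 |
| Yield (Y) | None (Y:N) | 0 |
| Yield (Y) | Low (Y:L) | 0.25 |
| Yield (Y) | Medium (Y:M) | 0.5 |
| Yield (Y) | High (Y:H) | 0.75 |
| Yield (Y) | Critical (Y:C) | 1 |

| SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
|---|---|---|
| Reversibility () | None (R:N) | 1 |
| Reversibility () | Partial (R:P) | 0.5 |
| Reversibility () | Full (R:F) | 0.25 |
| Scope () | Changed (S:C) | 1.25 |
| Scope () | Unchanged (S:U) | 1 |
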
| Severity | Score Value Range |
|---|---|
| Critical | 9 - 10 |
| High | 7 - 8.9 |
| Medium | 4.5 - 6.9 |
| Low | 2 - 4.4 |
| Informational | 0 - 1.9 |
| Security analysis | Risk level | Remediation Date |
|---|---|---|
| Priority-fee reactors miscompute scaling on Hedera because block.basefee is unavailable | Medium | Not Applicable - 05/26/2026 |
| Shared principalFilled lets a 1-wei maker fill permanently brick a taker order using takerOnce | Medium | Risk Accepted - 05/26/2026 |
| Reactor bypasses Permit2 for AMM-output pull, leaving HTS allowance ceiling fragile | Low | Risk Accepted - 05/27/2026 |
| HBAR allowance preflight via callStatic returns wrong response code breaking quoter tooling | Low | Risk Accepted - 05/27/2026 |
| Dutch decay and exclusivity windows elapse 10x faster on Hedera block cadence | Low | Not Applicable - 05/27/2026 |
| Per-market fee override is ignored when market discount tiers are absent | Low | Risk Accepted - 05/27/2026 |
| Anyone can delete expired order state and harvest storage refund, erasing cancellation history | Low | Risk Accepted - 05/27/2026 |
| Missing recipient validation in claimFees allows operator typo to burn HBAR or zero bookkeeping | Low | Solved - 05/26/2026 |
| Best-effort batch flag fails for most commands leaving user ETH stranded on revert | Low | Risk Accepted - 05/27/2026 |
| Native HBAR deposits forwarded with wrong input token lock funds in Across bridge | Low | Not Applicable - 05/27/2026 |
| Adversarial validation contract can DoS specific fillers and inflate gas costs via uncapped returndata | Low | Not Applicable - 05/27/2026 |
| HAS reverts on malformed signatures and invalid accounts cause per-call DoS | Low | Risk Accepted - 05/27/2026 |
| Callers can drain or miscredit unattributed HBAR balances | Low | Risk Accepted - 05/26/2026 |
| Takers with tight Permit2 allowances repeatedly grief fillers by causing fee-pull settlement reverts | Low | Risk Accepted - 05/27/2026 |
| Nested sub-plans can exhaust quoter simulation gas | Low | Not Applicable - 05/27/2026 |
| Relayer captures all swap output when signed route uses MSG_SENDER recipient without sender verification | Low | Risk Accepted - 05/27/2026 |
| Shared Sequencing Nonce Lets One Filler Invalidate Another Filler's Batch | Low | Solved - 05/24/2026 |
| Cancellation callbacks lack explicit reentry protection | Informational | Risk Accepted - 05/27/2026 |
| Protocol fee accrual writes no event, making off-chain treasury monitoring brittle and unreliable | Informational | Solved - 05/27/2026 |
| Missing Dual-Ledger Documentation Causes Confusing Reverts for Integrators Using HBAR Permits | Informational | Solved - 05/27/2026 |
| Permit2 signatures replay across sister ERC-1271 wallets that omit owner-binding | Informational | Risk Accepted - 05/27/2026 |
| Deployment workflows expose keys and recovery gaps | Informational | Risk Accepted - 05/27/2026 |
| Any caller can drain executor reserves via permissionless Permit2 allowance and full-balance accounting | Informational | Solved - 05/26/2026 |
| Malformed inputs produce raw panics and incomplete diagnostics | Informational | Risk Accepted - 05/27/2026 |
| Upstream Permit2 lockdown semantics let outstanding signatures re-arm reactor and Universal Router allowances simultaneously | Informational | Risk Accepted - 05/27/2026 |
| Key Rotation Leaves a Race Window Where Revoked-Key Permits Remain Redeemable | Informational | Risk Accepted - 05/27/2026 |
| Signed route context can mislead hook integrations | Informational | Not Applicable - 05/27/2026 |
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.