Prepared by:
HALBORN
Last Updated 05/02/2025
Date of Engagement: January 23rd, 2025 - February 7th, 2025
100% of all REPORTED Findings have been addressed
All findings
10
Critical
2
High
0
Medium
3
Low
2
Informational
3
THORChain engaged Halborn to conduct a security assessment of the Rujira Trade (FIN) contracts, beginning on January 23rd, 2025 and ending on February 7th, 2025. This security assessment was scoped to the smart contracts in the Rujira GitHub repository. Commit hashes and further details can be found in the Scope section of this report.
Rujira Trade (FIN) is a fully on-chain, decentralized orderbook DEX that combines an O(1) matching algorithm with liquidity from multiple sources, including Rujira's AMM pools (BOW) and THORChain’s Base Layer liquidity.
The team at Halborn assigned a full-time security engineer to verify the security of the smart contracts. The security engineer is a blockchain and smart-contract security expert with advanced penetration testing, smart-contract hacking, and deep knowledge of multiple blockchain protocols.
The purpose of this assessment is to:
Ensure that smart contract functions operate as intended
Identify potential security issues with the smart contracts
In summary, Halborn identified some improvements to reduce the likelihood and impact of risks, which were partially addressed by the Rujira team. The main ones were the following:
Ensure sum and product parameters are correctly set after a partial distribution.
Properly reset parameters after a pool reset.
Remove unnecessary decimal scaling in normalized_price.
Handle missing decimals fields in QueryPoolResponse.
Adjust swap calculations to properly refund or account for excess offer amounts.
Halborn performed a combination of manual and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of this assessment. While manual testing is recommended to uncover flaws in logic, process, and implementation; automated testing techniques help enhance coverage of the code and can quickly identify items that do not follow the security best practices. The following phases and associated tools were used during the assessment:
Research into architecture, purpose, and use of the platform.
Manual code read and walk through.
Manual Assessment of use and safety for the critical Rust variables and functions in scope to identify any arithmetic related vulnerability classes.
Architecture related logical controls.
Cross contract call controls.
Scanning of Rust files for vulnerabilities(cargo audit)
Review and improvement of integration tests.
Verification of integration tests and implementation of new ones.
| EXPLOITABILITY METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Attack Origin (AO) | Arbitrary (AO:A) Specific (AO:S) | 1 0.2 |
| Attack Cost (AC) | Low (AC:L) Medium (AC:M) High (AC:H) | 1 0.67 0.33 |
| Attack Complexity (AX) | Low (AX:L) Medium (AX:M) High (AX:H) | 1 0.67 0.33 |
| IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Confidentiality (C) | None (C:N) Low (C:L) Medium (C:M) High (C:H) Critical (C:C) | 0 0.25 0.5 0.75 1 |
| Integrity (I) | None (I:N) Low (I:L) Medium (I:M) High (I:H) Critical (I:C) | 0 0.25 0.5 0.75 1 |
| Availability (A) | None (A:N) Low (A:L) Medium (A:M) High (A:H) Critical (A:C) | 0 0.25 0.5 0.75 1 |
| Deposit (D) | None (D:N) Low (D:L) Medium (D:M) High (D:H) Critical (D:C) | 0 0.25 0.5 0.75 1 |
| Yield (Y) | None (Y:N) Low (Y:L) Medium (Y:M) High (Y:H) Critical (Y:C) | 0 0.25 0.5 0.75 1 |
| SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
|---|---|---|
| Reversibility () | None (R:N) Partial (R:P) Full (R:F) | 1 0.5 0.25 |
| Scope () | Changed (S:C) Unchanged (S:U) | 1.25 1 |
| Severity | Score Value Range |
|---|---|
| Critical | 9 - 10 |
| High | 7 - 8.9 |
| Medium | 4.5 - 6.9 |
| Low | 2 - 4.4 |
| Informational | 0 - 1.9 |
Critical
2
High
0
Medium
3
Low
2
Informational
3
| Security analysis | Risk level | Remediation Date |
|---|---|---|
| Exponential Growth in Filled Amounts After Partial Distribution | Critical | Solved - 02/02/2025 |
| Users Can Claim Excess Funds After Pool Reset | Critical | Solved - 02/04/2025 |
| Redundant Normalization May Cause Incorrect Oracle Prices | Medium | Solved - 02/14/2025 |
| Missing `decimals` Field Causes Parsing Failures in QueryPoolResponse | Medium | Not Applicable - 04/04/2025 |
| Swap Overpayment Leads to Loss for Buyers | Medium | Risk Accepted - 04/11/2025 |
| Users Are Forced to Create an Order to Withdraw Their Filled Amount | Low | Solved - 04/01/2025 |
| Missing Validations Allow Invalid Configurations | Low | Solved - 04/01/2025 |
| Small Orders Are Removed from the System | Informational | Solved - 02/14/2025 |
| Lack of Fund Validation Before Market Maker Swap Execution | Informational | Acknowledged - 04/11/2025 |
| Prevent Unnecessary Market Maker Quote After Offer is Fulfilled | Informational | Solved - 02/14/2025 |
//Critical
//Critical
//Medium
//Medium
//Medium
//Low
//Low
//Informational
//Informational
//Informational
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
// Download the full report
RUJI Trade (FIN)
* Use Google Chrome for best results
** Check "Background Graphics" in the print settings if needed
