A three person-day audit was performed on InstaDApp's dsa-contracts repository in March 2020. The audit aimed to answer questions regarding the security and overall quality of the code, including but not limited to:
- Can an attacker extract funds from arbitrary user accounts?
- Can an attacker manipulate the platform in a way that deceives unsuspecting users?
- Could unexpected transaction ordering adversely affect the behavior of user accounts?
- Does the current code make it easier, or harder, to write bug-free code in the future?

In total, 1 undetermined, 0 high, 3 medium, 4 low, and 2 informational findings were documented. Additionally, 9 recommendations were made.
InstaDApp resolved all undetermined, medium, and low severity findings and applied some of the recommendations. The remaining findings and recommendations were discussed at length, during which compelling and satisfactory reasoning was given for why they were left unaddressed.