Smart Contract Security

Smart contracts are subject to flaws, coding errors, unintended behavior, and inefficiencies. Once deployed in the blockchain, smart contracts are immutable (cannot change). At Saddle, we take the security of the smart contract seriously.

We conduct our own internal security audit of the smart contract code we’ve written. As a further check, to make sure Saddle’s code is proper and working as intended, we hire well reputed external agencies to audit our smart contract codes.

As for now, we have passed security auditing on all Saddle smart contracts, from the following auditors, with no issues.

Disclaimer: Security audits don’t eliminate all risks. Using Saddle as an exchange for a user should be significantly less risky, but please bear in mind there are still risks. Refer to the risks section for more details.

Certik Audit Report

Founded in 2018 by professors at Yale University and Columbia University, CertiK is a pioneer in blockchain security, using best-in-class AI technology to secure and monitor blockchain protocols and smart contracts. CertiK’s mission is to secure the cyber world. Starting with blockchain, CertiK applies innovations from academia into enterprise, enabling mission-critical applications to be built with security and correctness.

CERTIX AUDIT REPORT FOR SADDLE PROTOCOL - 29 OCT 2020

Quantstamp Audit Report

Quantstamp is the leader in blockchain security, having performed over 200 audits and secured over $100 billion in value. Their top team of PhDs and security professionals have a combined total of over 1,000 Google Scholar citations. They have audited many blockchain systems, including Ethereum 2.0, Binance Smart Chain, Flow, Cardano, and Avalanche and have secured successful innovative applications such as Maker, Compound, and NBA Top Shot.

QUANTSTAMP AUDIT REPORT FOR SADDLE PROTOCOL - 10 DEC 2020

QUANTSTAMP AUDIT REPORT FOR SADDLE VIRTUAL SWAP – 31 MAR 2021

OpenZeppelin Audit Report

Founded in 2015, OpenZeppelin has set industry standards for building secure distributed systems. OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies. OpenZeppelin verifies the distributed systems work as intended by performing an audit. Their engineers fully review the system's architecture and codebase and then write a thorough report that includes actionable feedback for every issue found.

OPENZEPPLIN AUDIT REPORT FOR SADDLE PROTOCOL - 11 DEC 2020

SADDLE ADMIN KEYS SECURITY

Note: The multisig has the capability to pause new deposits and trades in case of technical emergency. Users will always be able to withdraw their funds regardless of new deposits being paused. The multisig can also change the swap/withdrawal fees and the per pool/account deposit limits.

BUG BOUNTY PROGRAM

Note: This bounty does not cover any front-end/visual bugs, or any server-side code of any web application that interacts with Saddle. The Saddle Bug Bounty is applicable only to vulnerable smart contract code: defined as contracts deployed by Saddle, on any chain, that manage the value of Saddle’s treasury assets and/or user deposited assets. This bounty is a "no questions asked" policy for disclosures and/or immediate return of funds after any incident.

Reporting Process

Immunefi Terms & Conditions