# 🔐 Audit Report

HashCloak Inc. conducted a security audit of Spark, a decentralized exchange (DEX) built on the Fuel blockchain. The audit revealed generally high-quality code but identified several areas for improvement, ranging from medium to informational severity.

**Key Findings:**

* **Medium Severity:**
  1. **Storage Update Issue:** The `increase_user_volume` function failed to persist its changes to storage, which affected protocol fee computation. *(Resolved)*
  2. **Front-Running Vulnerability:** Matching orders could be front-run, potentially undermining fairness. *(Acknowledged)*
* **Low Severity:**
  1. Lack of restrictions on order input length in functions like `match_order_many` could lead to gas exhaustion. *(Informed)*
  2. Incorrect handling of GTC orders in `fulfill_order_many` led to unintended cancellations. *(Resolved)*
* **Informational Severity:**
  1. Lack of documentation impedes auditability and maintenance. *(Unresolved)*
  2. Dead code and unused imports found in multiple places. *(Partially resolved)*
  3. Misleading function naming (`log_order_change_info`) suggests logging but doesn’t emit events. *(Acknowledged for renaming)*
  4. Redundant `require` statement in `order_id` function. *(Unresolved)*

**Audit Methodology:**

* Static analysis using tools like `sway-analyzer`.
* Manual code review.
* Functional tests using Spark’s CLI and Fuel testnet deployment.

**Severity Breakdown:**

* Critical: 0
* High: 0
* Medium: 2
* Low: 2
* Informational: 4

**Recommendations:**

1. Enhance documentation for better clarity on functionality and fee structures.
2. Address identified vulnerabilities, especially around front-running and input validations.
3. Remove or refactor dead code and redundant checks.
4. Improve clarity in function naming and ensure all significant actions emit appropriate logs.

**Resolution Status:** The Spark team has fixed all identified issues following the audit, ensuring the security and robustness of the protocol.

**Full Report:** Users can read the full report at the following link:

{% embed url="<https://drive.google.com/file/d/1BTGTBx1rwyjUbEBYqZuX9L89YoYnyi0r/view?usp=sharing>" %}
