# 🔐 Audit Report

HashCloak Inc. conducted a security audit of Spark, a decentralized exchange (DEX) built on the Fuel blockchain. The audit revealed generally high-quality code but identified several areas for improvement, ranging from medium to informational severity.

**Key Findings:**

* **Medium Severity:**
  1. **Storage Update Issue:** The `increase_user_volume` function failed to persist changes, affecting protocol fee computation. *(Resolved)*
  2. **Front-Running Vulnerability:** Matching orders could be front-run, potentially undermining fairness. *(Acknowledged)*
* **Low Severity:**
  1. Lack of restrictions on order input length in functions like `match_order_many` could lead to gas exhaustion. *(Informed)*
  2. Incorrect handling of GTC orders in `fulfill_order_many` led to unintended cancellations. *(Resolved)*
* **Informational Severity:**
  1. Lack of documentation impedes auditability and maintenance. *(Unresolved)*
  2. Dead code and unused imports found in multiple places. *(Partially resolved)*
  3. Misleading function naming (`log_order_change_info`) suggests logging but doesn’t emit events. *(Acknowledged for renaming)*
  4. Redundant `require` statement in `order_id` function. *(Unresolved)*

**Audit Methodology:**

* Static analysis using tools like `sway-analyzer`.
* Manual code review.
* Functional tests using Spark’s CLI and Fuel testnet deployment.

**Severity Breakdown:**

* Critical: 0
* High: 0
* Medium: 2
* Low: 2
* Informational: 4

**Recommendations:**

1. Enhance documentation for better clarity on functionality and fee structures.
2. Address identified vulnerabilities, especially around front-running and input validation.
3. Remove or refactor dead code and redundant checks.
4. Improve clarity in function naming and ensure all significant actions emit appropriate logs.

**Resolution Status:** The Spark team has fixed all identified issues following the audit, ensuring the security and robustness of the protocol.

**Full Report:** Users can read the full report at the following link:

{% embed url="<https://drive.google.com/file/d/1BTGTBx1rwyjUbEBYqZuX9L89YoYnyi0r/view?usp=sharing>" %}

