Security is a key focus for Fenix. The DEX has a modular structure that is composed of contracts that have undergone extensive auditing and bounty programmes. Fenix inherits an extensively tested codebase originating from the Solidly protocol deployed on Fantom in 2022. There have been no security related incidents involving these contracts since launch. More specifically, Fenix inherits the Thena implementation that has undergone V1 and V2 updates that were audited by Peckshield and OpenZeppelin respectively. No open security incidents have been seen to date. The Algebra Integral V4 Engine that powers the UNIV3 and plugin/hook functions on Fenix has undergone multiple audits including a recent entire codebase audit by Paladin. To date Algebra has experienced no vulnerabilities. The Fenix Liquidity Hub is a fork of the UniswapX contract that was audited by OpenZepplin and is described as having a high level of security. The Fenix asymmetric liquidity AMM for automated trading strategies built by Bancor has undergone in depth ChainSecurity and PeckShield audits. The codebase was found to provide a high level of security and additionally is subject to a bounty.

Hats Finance Bug Bounty Contest

Fenix recently completed a bug bounty contest by Hats Finance where up to $40,000 was offered to security researchers to identify issues within the codebase.

Below is a list of fixes of the audit/bug bounty conducted for Fenix:

[HIGH] Adversary can steal all bribe rewards

[HIGH] First liquidity provider of a stable pair can DOS the pool

[Medium] Protocol fees collected in PairFees are lost due to accrued yield

[Low] GaugeFactoryUpgradeable.setDistribution() would revert due to incorrect access control

[Low] Missing events for functions that change critical parameters

If you identify any vulnerabilities in our code, please open a ticket directly on our Discord channel or DM us directly via Twitter and the team will be happy to discuss an appropriate resolution.

Last updated