Axelar engaged Ackee Blockchain to review and audit the Crosschain-Dex (private repository) between May 31 and June 3, 2022. The entire audit process was conducted with a total time commitment of 4 engineering days. We now publish a summary of our results.


We start by reviewing the specifications, sources, and instructions provided to us, which is essential to ensure we understand the project’s size, scope, and functionality. This is followed by due diligence using the automated Solidity analysis tools and Slither.

In addition to tool-based analysis, we continue with a detailed manual code review, which is the process of reading the source code line by line to identify potential vulnerabilities or code duplications. When the code review is complete, we run unit tests to ensure the system works as expected and potentially write missing unit or fuzzy tests. We also deploy the contracts locally and try to attack and break the system.


We started with the commit 5739e73bcfa469c2822c59b76d73ffb1cbf213c5 of the Crosschain-Dex repository, but during the audit the code was changed slightly to improve readability, so the final commit was faedfd700ccc0c004cd204059c68d88e109cf4ee.


Here we present our findings.

Critical severity 

No critical severity issues were found.

High severity 

H1: Unhandled return value

Medium severity

No medium severity issues were found.

Low severity

L1: Payload manipulation

L2: Unchecked transfer

Warning severity

W1: Code duplication

W2: Renounce ownership

W3: Missing unit tests

W4: External mint function

Informational severity 

I1: Commented out code

I2: State variable access

I3: Missing code documentation


Our review resulted in 10 findings ranging from Informational to High severity.

Generally, we can state that the code quality is good and smart contracts are easy to read. One of the biggest concerns we identified is the lack of unit tests, which should be essential for every development.

Our conclusions regarding the Crosschain-Dex project:

  • missing unit tests
  • potentially dangerous low-level calls and assembly code
  • code quality is good but duplications should be removed
  • documentation provided is sufficient for audit
  • code documentation is missing

After the audit, we recommended Axelar to:

  • address all reported issues.

Update: On June 7, 2022, Axelar provided an updated codebase that addresses the reported issues. All findings were acknowledged and some of them (H1, L2, W1, W2) were fixed.


Ackee Blockchain’s full Crosschain-Dex audit report with a more detailed description of all findings and recommendations can be found here.


We were delighted to audit Axelar and look forward to working with them again.