Runtime Verification Audits AshSwap Protocol

Posted on February 1st, 2023 by Runtime Verification
Posted in Audits

Runtime Verification Audits AshSwap Protocol

Runtime Verification is pleased to announce the AshSwap audit completion. AshSwap is a platform built over the MultiversX blockchain that allows users to swap and also stake their stablecoins to obtain liquidity pool tokens, granting the users the benefit of receiving a portion of the fees of operations performed on the protocol.

Audit Scope

The AshSwap protocol offers users several benefits for staking. Users who stake in the protocol gain liquidity tokens, which can be used to enter AshSwap’s yield farms. Users are rewarded with the platform’s ESDTs, the ASH token, by participating in these farms. These tokens, in turn, can be committed to a voting escrow for up to 4 years, and by providing their tokens, users are awarded voting rights and power in the protocol's governance.

Another benefit of committing their ASH is that users can boost yields in the platform’s yield farm, meaning that the greater the voting power of a user, the higher the rewards obtained from the platform’s yield farm.

The audit scope included the entirety of the protocols on-chain smart contracts -

  • Pool contract: implements the platform's core functionalities of liquidity pools, enabling the swapping and staking of assets. These operations are performed by following the stableswap invariant methodology.
  • Router contract: implements the manager of pool contracts. The router is responsible for deploying, properly setting, and updating new pools while also collecting administrative fees that are forwarded to the fee distributor contract;
  • Farm contract: implements the functionalities for yield farming in the AshSwap protocol, including the deposit and withdrawal of liquidity tokens, burning and minting of the ASH meta ESDT token, and distribution of the farm rewards;
  • Voting escrow contract: implements the functionalities necessary for locking the tokens for a user-defined amount of time, which can reach up to four years, while also recording the voting power of the user in an address-to-balance map format, which is made available for checking by the contract. The user’s balance, or voting power, is often referred to as the user’s veASH;
  • Fee distributor contract: implements the necessary functionalities for the distribution of administrative fees among the owners of veASH;
  • Rewarder contract: implements the necessary functionalities for distributing the aggregated rewards generated by the farm contract.

The audit scope is limited to the Rust source code of the on-chain smart contracts. The native MultiversX libraries used in the protocol, tests, deployment scripts, and any off-chain related code were outside the scope of the audit. A detailed list of all the contracts, libraries, and interfaces audited can be found in the report.


Runtime Verification conducted a manual code review for a period of 8 weeks, and delivered a detailed report on January 11th, 2023.

The first step of the audit process consisted of a thorough review of the business logic of the protocol. To this end, a high-level abstraction of the logic was created to understand it better. During this process, rounds of discussions with the AshSwap team took place concerning the implementation.

Next, an initial review of the code took place. For this step, a more high-level approach was used to understand how the code implemented the desired features of the protocol. During this phase, the implementation of the protocol is cross-checked with the description of the features provided by the AshSwap team to ensure that all desired behaviors are presented correctly and that no additional and undesired behaviors present themselves as well.

Finally, a detailed review of specific operations of the code took place. Specifically, close attention was given to complex mathematical operations performed by the protocol to ensure they functioned as expected.


The audit identified some issues along with some informative findings. Although a formal review of code fixes was outside the scope of the audit, a best-effort review was conducted on some of the code changes.

Readers interested in a more detailed and technical explanation of the findings can review the full report in our GitHub repository.

About AshSwap

AshSwap is the first decentralized exchange built on the MultiversX blockchain that allows users to trade between stable assets with high volume and small slippage. As Elrond grows to become the infrastructure of DeFi, more types of stablecoins will flow in, and users will need a place to swap them.

About Runtime Verification

Runtime Verification is a technology startup based in Champaign-Urbana, Illinois. The company uses formal methods to perform security audits on virtual machines and smart contracts on public blockchains. It also provides software testing, verification services, and products to improve the safety, reliability, and correctness of software systems in the blockchain field.