Trail of Bits

Drift Protocol

Type: Security review
Client: Drift Protocol
Date: 2022-12
Domain: Blockchain
Effort: 6 wks
Section: Solana

Trail of Bits's security review of Drift Protocol (Dec 2022) identified 20 issues: 1 medium, 15 informational, and 4 undetermined.

Findings · 20

  1. Lack of build instructions (Informational)
  2. Inadequate testing (Informational)
  3. Invalid audit.toml prevents cargo audit from being run (Informational)
  4. Race condition in Drift SDK (Undetermined)
  5. Loose size coupling between function invocation and requirement (Informational)
  6. The zero-copy feature in Anchor is experimental (Informational)
  7. Hard-coded indices into account data (Informational)
  8. Missing verification of maker and maker_stats accounts (Undetermined)
  9. Panics used for error handling (Informational)
  10. Testing code used in production (Undetermined)
  11. Inconsistent use of checked arithmetic (Undetermined)
  12. Inconsistent and incomplete exchange status checks (Medium)
  13. Spot market access controls are incomplete (Informational)
  14. Oracles can be invalid in at most one way (Informational)
  15. Code duplication (Informational)
  16. Inconsistent use of integer types (Informational)
  17. Use of opaque constants in tests (Informational)
  18. Accounts from contexts are not always used by the instruction (Informational)
  19. Unaligned references are allowed (Informational)
  20. Size of created accounts derived from in-memory representation (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.