Pessimistic
Sovryn Security Review
Summary of the security review of smart contracts of Sovryn project
Disclaimer: The audit does not give any warranties on the security of the code. One audit cannot be considered enough. We always recommend proceeding with several independent audits and a public bug bounty program to ensure the security of smart contracts. Besides, security audit is not an investment advice.
Summary: In this report, we considered the security of four pull requests for smart contracts of Sovryn project without reviewing the project itself. We performed our audit according to the procedure described in the full version of the report.

The initial audit of 4 pull requests showed a vulnerability (critical issue) and a few code style issues.

In the latest pull requests, the vulnerability and two code style issues were fixed.

However, the project includes contracts of enormous size, up to a point where it causes out of gas and stack too deep issues. This affects how new changes are implemented, complicates development, and creates a long-term risk for the project.

General Recommendations: We recommend refactoring the code. All large smart contracts should be split into smaller parts, their logic should be simple and transparent. We also recommend using linters and static code analyzers

The full version of the report can be found in our Github:
Sovryn Security Review by Pessimistic
This audit was performed by Pessimistic