Powered by zero-knowledge technology, SyncSwap brings more people easy-to-use and low-cost DeFi with complete Ethereum security.

Risk Rating

Moderate Risk
Assessment: 2024-03-25
Risk Assessment
Security History

Overall Score

  • Assessor
    Kop, supergu
  • Assessment Date
Not yet undergone Underwriting review

SyncSwap presents a mixture of strengths and weaknesses. Positively, it features a non-upgradable smart contract for security, user-friendly documentation, a battle-tested AMM formula based on Curve and Uniswap, and a strong community backing. On the downside, risks include contract ownership by an EOA, creating a security vulnerability, the complexity and risks from flash loan support, lack of transparency regarding the team, and the absence of a decentralized governance system.


The AMM formula, influenced by Curve's model, has undergone extensive battle testing.
Common attacks have been successfully mitigated, showcasing strong security measures in place.
Despite the AMM formula being battle-tested, the project, launched a year ago, has not yet undergone extensive real-world testing to validate its resilience and security.
Support for flash loans introduces additional complexity and associated risks to the system.


The protocol boasts a significantly large community, indicating a robust level of engagement and interest from users.
Details regarding the team members and founders are not publicly disclosed, leading to a lack of transparency about the project's leadership.
A decentralized governance system is currently not established within the protocol.


The smart contract is designed as non-upgradable, which inherently reduces the risk associated with post-deployment modifications.
High contract activity indicates robust user engagement and a healthy operational state.
The ownership of the contract is assigned to an EOA, presenting a potential security vulnerability due to the risk of private key exposure.
The absence of a bounty program could limit the discovery and resolution of potential security vulnerabilities, reducing the protocol’s defensive capabilities.