
Gambit Finance: Solidity Smart Contract Audit Report


Gambit Finance is a trading protocol that lets users trade exposure to esports players through a friendtech-inspired, AMM-like bonding curve. The platform features gas-efficient proxy deployments, bonding curve dynamics, off-chain signing, and integration with the Aerodrome Router for real-time swaps.

FailSafe was engaged to audit the core contract suite powering Gambit Finance, with emphasis on swap safety, signature domain enforcement, role control logic, and bonding curve correctness. The scope included both user-facing buy/sell flows and backend administrative configuration, with attention to ERC-20 safety, EIP-712 adherence, and role access integrity.

This case study captures the full audit lifecycle, detailing methodology, vulnerabilities discovered, and how they were mitigated. It is intended for protocol engineers and smart contract developers working on modular DeFi systems with signature-based execution and proxy delegation patterns.

Project Details

  • Project: Gambit Finance – Esports Token Trading Protocol
  • Main Contracts Audited:
    • SigUtilLib: 0xB364c671A8632A96734D5915D5763B6fB1Acd1ab
    • StringsLib: 0xD6a5Db416DFBf42d92aCCa56895F446b3a8E4963
    • BondingCurveLibELS: 0x0a834048A937D0cC30954A53E6b633a3C9d8709e
    • BondingCurveLibUSDC: 0x7A33baAbac54BF40Ce569F15b8cfC7B95DdB509e
    • Core WELS Proxy: 0x18E5C01133c0326a06aFDea0b937514864bDB358
    • Core USDC Proxy: 0x9662f2D98DD5cc276d69ba4756C418035e8f02E2
    • Core Nexus Implementation: 0x7B67eABEFd6F81BAB24b4Ef9aCc78f2659D8eE09
  • Timeline: 27th January 2025 – 31st January 2025

Findings Summary

A total of nine critical and medium severity issues were identified in the Core contract, with one informational finding related to bonding curve logic. All issues were resolved by the Gambit team following our recommendations.

| ID | Title                                                       | Severity | Status   |
|----|-------------------------------------------------------------|----------|----------|
| 01 | Missing Validation on Swap Return Values                    | High     | Resolved |
| 02 | Unchecked transferFrom in Token Transfer Logic              | Medium   | Resolved |
| 03 | Unused Return from approve Calls                            | Medium   | Resolved |
| 04 | Improper Role Assignment without Access Control Enforcement | High     | Resolved |
| 05 | Fee Transfers Assume Incorrect Token                        | High     | Resolved |
| 06 | Potential for Leftover Token Approvals (Token Drain Risk)   | High     | Resolved |
| 07 | Missing Event Emission in Critical State-Changing Functions | High     | Resolved |
| 08 | Lack of Input Validation for Address Fields                 | Medium   | Resolved |
| 09 | Signature Replay Risk Between Proxy Contracts               | Medium   | Resolved |
| 10 | Comment Mismatch in BondingCurveLibs                        | Info     | Resolved |

Detailed Findings

1. Missing Validation on Swap Return Values

Severity: High

Status: Resolved

Overview:

Router swap calls did not validate that the returned swappedAmount array was non-empty before indexing into it. This could lead to undefined behavior or contract reverts.

Fix: Added checks to ensure the array is non-empty before accessing return values.


2. Unchecked transferFrom

Severity: Medium

Status: Resolved

Overview:

transferFrom calls did not verify success, risking silent failures with non-standard ERC-20 tokens.

Fix: Wrapped calls with return value assertions.


3. Unused Return from approve

Severity: Medium

Status: Resolved

Overview:

approve() calls were not checked for success, risking false assumptions with tokens like USDT.

Fix: Implemented return value validation.


4. Improper Role Assignment Without Effect

Severity: High

Status: Resolved

Overview:

Calling setAdminRole() only changed a local variable, not the actual admin role access.

Fix: Replaced logic with proper role granting using OpenZeppelin’s grantRole.


5. Incorrect Token in Fee Transfers

Severity: High

Status: Resolved

Overview:

All fee transfers used WELS token even in USDC context, which could lead to failed transactions.

Fix: Switched to using the correct erc20Token dynamically per context.


6. Potential for Leftover Token Approvals

Severity: High

Status: Resolved

Overview:

No allowance revocation post-swap, exposing the contract to token drain risks.

Fix: Added logic to reset approvals to zero after swaps.
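As an added example (not Gambit's code; the router interface is a hypothetical stand-in for Aerodrome's, whose real signature differs), this Solidity contract shows the hardened swap path that findings 1, 2, 3 and 6 together call for: return-value-checked transferFrom and approve, validation of the router's returned amounts array before it is indexed, and an allowance reset once the swap is done.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface used below (interface assumed for this example).
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical router interface. The real Aerodrome Router takes route structs;
// only the "returns uint256[] amounts" shape matters for the checks shown here.
interface IRouter {
    function swapExactTokensForTokens(uint256 amountIn, uint256 amountOutMin,
        address[] calldata path, address to, uint256 deadline) external returns (uint256[] memory);
}

contract HardenedSwap {
    IRouter public immutable router;
    constructor(IRouter _router) { router = _router; }

    // Low-level ERC-20 call that accepts "returns true" or "no return data"
    // (USDT-style) as success and reverts on anything else, in the spirit of
    // OpenZeppelin's SafeERC20. A bare `require(token.approve(...))` would
    // revert on USDT because decoding the missing bool fails.
    function _checkedCall(address token, bytes memory data) internal {
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(data);
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "ERC20 call failed");
    }
    // Pulls `amountIn` of path[0] from the caller, swaps along `path`, and
    // returns the amount of the final path token delivered to the caller.
    function swapExact(address[] calldata path, uint256 amountIn, uint256 amountOutMin, uint256 deadline)
        external returns (uint256 received)
    {
        require(path.length >= 2, "bad path");
        address tokenIn = path[0];
        // Finding 2: transferFrom result is checked, never assumed.
        _checkedCall(tokenIn, abi.encodeCall(IERC20.transferFrom, (msg.sender, address(this), amountIn)));
        // Finding 3: approve result is checked the same way.
        _checkedCall(tokenIn, abi.encodeCall(IERC20.approve, (address(router), amountIn)));
        uint256[] memory amounts = router.swapExactTokensForTokens(amountIn, amountOutMin, path, msg.sender, deadline);
        // Finding 1: validate the returned array before indexing into it.
        require(amounts.length != 0, "empty swap result");
        received = amounts[amounts.length - 1];
        require(received >= amountOutMin, "insufficient output");
        // Finding 6: reset the router allowance so nothing is left to drain.
        _checkedCall(tokenIn, abi.encodeCall(IERC20.approve, (address(router), 0)));
    }
}
```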


7. Missing Event Emission

Severity: High

Status: Resolved

Overview:

Critical functions lacked emit statements, reducing observability and traceability.

Fix: Events added to all state-changing and swap-related functions.


8. Lack of Input Validation

Severity: Medium

Status: Resolved

Overview:

Functions like addAddrs and updateAddr accepted zero addresses, risking contract instability.

Fix: Added require(addr != address(0)) validations.


9. Signature Replay Across Proxies

Severity: Medium

Status: Resolved

Overview:

EIP-712 domain separator lacked verifyingContract, allowing signatures to be reused across proxies.

Fix: Included address(this) as verifyingContract in the domain separator to bind signatures to a single contract instance.


10. Comment Mismatch with Logic

Severity: Info

Status: Resolved

Overview:

Code comments did not align with logic in getBuyPrice(), referencing supply + amount while using a fixed getPrice() call.

Fix: Comments were updated to reflect actual implementation.


Best Practices

  • Replaced all unsafe abi.encodePacked calls with abi.encode to avoid collision risks in off-chain signing.
  • Ensured swap functions reject stale signatures by enforcing timestamp checks with ±5 minute tolerance.
  • Updated the frontend to request the signature from the API immediately on user confirmation, avoiding "Signature expired" errors.
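An added example, not taken from Gambit's contracts, that combines the signing fix from finding 9 with the ±5 minute timestamp tolerance from the list above. The BuyOrder struct and its fields, the domain name "Gambit" and version "1", and the nonce bookkeeping are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Signature-gated buy order. The domain separator includes address(this), so a
// signature produced for one proxy fails on another (finding 9), and the signed
// timestamp must lie within +/-5 minutes of block.timestamp (best practices).
contract OrderVerifier {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    // Hypothetical order struct; its field names are this example's own.
    bytes32 private constant ORDER_TYPEHASH = keccak256(
        "BuyOrder(address trader,uint256 playerId,uint256 amount,uint256 timestamp,uint256 nonce)");
    uint256 public constant MAX_SKEW = 5 minutes;
    address public immutable signer;            // backend off-chain signer
    mapping(uint256 => bool) public usedNonce;  // one-shot nonces block same-proxy replay

    constructor(address _signer) { signer = _signer; }
    // Computed on demand rather than cached in storage, so every proxy that
    // delegates to this implementation derives its own separator.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256("Gambit"), keccak256("1"),
            block.chainid, address(this)));
    }

    function verifyBuyOrder(address trader, uint256 playerId, uint256 amount,
        uint256 timestamp, uint256 nonce, bytes calldata sig) external returns (bool)
    {
        require(!usedNonce[nonce], "nonce used");
        // Reject orders stamped more than MAX_SKEW before or after the current block.
        require(timestamp + MAX_SKEW >= block.timestamp && timestamp <= block.timestamp + MAX_SKEW,
            "Signature expired");
        // abi.encode, not abi.encodePacked, for the struct hash (see best practices).
        bytes32 structHash = keccak256(abi.encode(ORDER_TYPEHASH, trader, playerId, amount, timestamp, nonce));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
        require(_recover(digest, sig) == signer, "bad signature");
        usedNonce[nonce] = true;
        return true;
    }

    function _recover(bytes32 digest, bytes calldata sig) internal pure returns (address a) {
        require(sig.length == 65, "bad sig length");
        (bytes32 r, bytes32 s, uint8 v) = (bytes32(sig[0:32]), bytes32(sig[32:64]), uint8(sig[64]));
        // Low-s and canonical v rule out malleable encodings of the same signature.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        require(v == 27 || v == 28, "bad v");
        a = ecrecover(digest, v, r, s);
        require(a != address(0), "bad signature");
    }
}
```

Because domainSeparator() folds in both block.chainid and address(this), the same off-chain signature is rejected by every other proxy and on every other chain without any extra bookkeeping.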

Conclusion

The Gambit Finance audit revealed important issues across token handling, proxy safety, and administrative access. FailSafe’s recommendations were implemented quickly and thoroughly by the Gambit team, leading to a robust and transparent esports trading protocol.

This audit showcases how systems dealing with signature flows, swap orchestration, and proxy logic must enforce best practices such as strict input validation, domain-specific signing, and comprehensive event logging to ensure protocol integrity.
