Securing Unich: Softstack’s Smart Contract Audit for OTC Trading

Softstack audited Unich’s OTC smart contracts on EVM & Solana, resolving security risks and optimizing efficiency. Learn how Unich improved its security in our full report.


Client: Unich

Project: OTC trading platform

Industry: Web3

Service: smart contract audit

Security is the foundation of blockchain and decentralized applications (dApps), especially in decentralized finance (DeFi), where smart contract vulnerabilities can lead to major risks. To strengthen security, softstack conducted a comprehensive smart contract audit for Unich, a decentralized OTC trading platform. The audit covered both Ethereum Virtual Machine (EVM) smart contracts and Solana programs, ensuring that Unich offers a secure, efficient, and transparent trading environment.

About Unich

Unich is a decentralized over-the-counter (OTC) trading platform, offering secure, peer-to-peer asset exchanges without intermediaries. By leveraging Web3 technology and cross-chain interoperability, Unich streamlines OTC trading across multiple markets, including:

  • Pre-Market OTC: Trade tokens before TGE
  • Point-Market OTC: Trade points before conversion
  • Options OTC-Market: Decentralized derivatives trading


Through interoperability and cross-chain trading, Unich is positioning itself as a leader in decentralized OTC solutions, enabling trustless and efficient transactions.

Audit Scope and Methodology

Softstack’s audit focused on evaluating the security, functionality, and efficiency of Unich’s smart contracts and Solana programs. The key areas of assessment included:

1. Security Vulnerabilities & Risk Levels

  • Critical Issues: Could break contract functionality and pose security threats.
  • High Issues: May allow unintended behaviors that compromise functionality.
  • Medium Issues: Affect contract behavior in specific scenarios.
  • Low Issues & Informational: Minor inconsistencies that could improve efficiency and clarity.

2. Code Review & Testing Approaches

  • Manual Line-by-Line Review to detect vulnerabilities.
  • Automated Security Testing using symbolic execution and test coverage analysis.
  • Best Practice Checks ensuring compliance with industry standards.
  • Attack Scenario Simulations to assess potential exploits such as reentrancy, front-running, and logic failures.

Key Findings and Resolutions

Softstack’s audit of Unich’s OTC smart contracts uncovered security gaps and optimization opportunities. Here’s a summary of key findings and improvements:

1. High-Risk Issues (Fixed)

Unchecked Delegatecall in diamondCut

  • Issue: The function diamondCut allowed unrestricted delegatecall, enabling potential storage overwrites and ownership hijacking.
  • Resolution: Implemented validation to restrict initialization contracts and introduced multi-sig approval for critical upgrades.

Reinitialization Vulnerability

  • Issue: The initialize function lacked protection, allowing multiple reinitializations, potentially leading to fund theft.
  • Resolution: Applied OpenZeppelin’s initializer modifier to prevent multiple initializations.
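
The reinitialization issue and its fix, shown side by side as an added example that is not taken from the audit report or from Unich's code base. The contract names, state variables and parameters are hypothetical, and OpenZeppelin's upgradeable contracts package is assumed to be installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

// Hypothetical contracts for illustration; not Unich's code.

// Before: initialize() has no guard, so any later caller can run it
// again and overwrite the owner and fee recipient.
contract OtcVaultUnprotected {
    address public owner;
    address public feeRecipient;

    function initialize(address owner_, address feeRecipient_) external {
        owner = owner_;
        feeRecipient = feeRecipient_;
    }
}

// After: the initializer modifier records that setup has run, and any
// second call to initialize() reverts.
contract OtcVaultProtected is Initializable {
    address public owner;
    address public feeRecipient;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the implementation contract itself, so it cannot be
        // initialized directly outside of a proxy.
        _disableInitializers();
    }

    function initialize(address owner_, address feeRecipient_) external initializer {
        require(owner_ != address(0), "owner is zero");
        owner = owner_;
        feeRecipient = feeRecipient_;
    }
}
```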

2. Medium-Risk Issues (Fixed/Acknowledged)

Fee/Pledge Rate Inconsistency

  • Issue: The updateConfig function did not validate feeSettle against pledgeRate, leading to calculation errors.
  • Resolution: Introduced checks ensuring feeSettle remains within predefined limits.

Gas Limit Issues in Order Matching

  • Issue: Inefficient transaction execution caused excessive gas costs in certain scenarios.
  • Resolution: Optimized logic to reduce redundant storage operations and streamline execution.

3. Low & Informational Issues (Fixed)

  • Logical inconsistencies in owner removal process
  • Silent error swallowing in cost accounting logic
  • Naming inconsistencies in the codebase

Conclusion: Enhancing Security & Efficiency

With our rigorous auditing process, Unich has significantly fortified its smart contracts, ensuring robust security, optimized gas efficiency, and adherence to best practices. The resolved vulnerabilities and proactive security measures reinforce Unich’s position as a trustworthy and cutting-edge decentralized OTC platform.

By continuously evolving security standards and implementing best-in-class protocols, Unich remains at the forefront of secure decentralized trading.

📌 Want to explore the full audit findings? Read the full report on GitHub
