.svg)
Summary
The most critical subjects covered in our audit are escalation of privileges, correctness of integration with Morpho, and functional correctness. Security regarding all aforementioned subjects is high. Earlier versions of the protocol had a number of issues across these categories, all of which have been addressed:
On escalation of privileges, the protocol relies on several privileged accounts that are by design underconstrained in their operations to support a wide range of use cases. As these accounts are controlled by hot wallets, compromising them should not lead to a complete loss of user funds. Earlier iterations contained issues in which the operational freedom of these accounts could be abused to steal user assets (see Facilitator Steals From Other Intents via withdrawManager).
On the integration, the protocol integrates with Morpho Blue markets as a source of liquidity for the leveraged positions. Maintaining leverage requires the project to precompute Morpho state so that its own accounting remains consistent. We identified issues across three dimensions: A) calculations relied on stale market data (see Stale Morpho Market Data); B) calculations did not account for edge-case behavior of Morpho, such as health check during proportional collateral seizure (see Partial Liquidations Fail Health Check) or share price inflation (see Share Inflation via Direct Morpho Collateral Donation); C) rounding mismatches between the Grunt's calculations and Morpho (see Partial Pre-Liquidations Revert Due to Rounding Mismatch With Morpho).
In terms of functional correctness, earlier iterations contained issues such as incorrect debt accounting in share burning (see Burn Divides by Total Debt), NAV miscalculation due to bad-debt inclusion (see NAV Calculation Includes Bad Debt Positions), and a griefing vector that could permanently block repayment (see Permanent Blocking of Setting Status to Repaid).
The general subjects covered are documentation, trustworthiness, and integrations. Security regarding documentation is high, with extensive documentation available to explain code architecture and user flows. Security regarding trustworthiness is improvable, as key functionality of the protocol is heavily dependent on the liveness of privileged roles and their correct behavior. Users must trust these accounts to act dutifully and promptly if they want to invest into the leveraged positions. Further, any protocol integrating Grunt position manager shares must account for the possibility of share price inflation, see Share Price Inflation Possible Despite Mitigation.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About 3F's Grunt
3F implements Grunt, a protocol enabling access to on-chain leveraged strategies with assets having asynchronous settlement.