.svg)
Summary
The most critical subjects covered in this audit are integration correctness and possibilities for adversarial interference. Integration correctness is good. In earlier iterations, the implementations adhered to official Centrifuge and Pareto documentation, but failed to account for edge cases such as instant withdrawal paths, which can lead to lost funds, see Unhandled Pareto Instant Withdrawals and Fulfilled Deposit Stuck After cancelRequest Races With approveDeposits. These issues have been resolved.
Regarding adversarial interference, we identified concerns such as Spammed Centrifuge Fund Cannot Progress, which has since been resolved. Security regarding adversarial interference is good.
The general subjects covered are documentation. The documentation is good. 3F provides extensive documentation for the new integrations, including specifications of the integrated actions and their expected state transitions within the asynchronous lifecycle.
In summary, we find that the codebase provides an improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About 3F's Grunt Funds
3F implements additional fund modules for the Grunt protocol, adding Centrifuge and Pareto as new collateral types with asynchronous settlement, enabling users to create on-chain leveraged positions backed by a broader range of asynchronous yield sources.