.svg)
Summary
The most critical subjects covered in our audit are functional correctness, asset security, and mathematical precision. Security regarding all the aforementioned subjects is good. The high severity issue and all medium severity issues have been addressed in the reviewed codebase.
Most severe is the possibility to extract donations from the pool, which was mitigated as described in the Donations Can Be Extracted issue. The corrected medium severity issues include Donations can be directly absorbed by the pool, Ramping can break the pool, and Last part of ramping can be extracted. The latest reviewed version also introduced policy integration issues.
Policy callbacks can be skipped by underfunding the capped call allowed a caller to deliberately avoid synchronizing the external policy after a balanced withdrawal, and Policy and pool timestamp drift on policy state updates could make the pool and external policy contract reason from different elapsed-time assumptions. Both medium severity policy issues were corrected in the reviewed codebase. Policy target prices can pass LP protection while mispricing the pool was partially corrected by bounding policy-provided targets, but the policy contract should still be treated as part of the system's trust boundary and operational risk model.
Additional areas evaluated include fee computation, correct integration of StableSwapMath, policy-controlled rebalancing, ramping behavior, and specification adherence. Security regarding these subjects is good. Most low severity issues were corrected, including calc_token_amount applies withdrawal fees in the wrong direction and Ramping pool can become stuck at the imbalance boundary.
The remaining low severity issues are either risk accepted or partially corrected. These include the accepted risks around Donations can be extracted with swaps, Griefing attack on liquidity additions, and Parameters check mismatch, as well as the partially corrected issues Admin is able to DoS the system and Policy target prices can pass LP protection while mispricing the pool.
The overall security of the system heavily depends on the configuration and use, especially as there are multiple smaller acknowledged or risk-accepted issues that, in most conditions, are irrelevant to the normal operation of the pool but can become relevant in edge cases or when combined with other issues.
In summary, we would rate the security as good if the remaining recommendations are followed and the pool is monitored and managed accordingly.
Given the extensive complexity of the system, we recommend that the Curve team conduct comprehensive testing, including fuzzing and stateful testing, to ensure the system's robustness.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About fxswap v3
The reviewed system is an updated version of Curve's TwoCrypto protocol. It introduces a new donation mechanism and adopts the StableSwap invariant in place of the CryptoSwap invariant. These changes are designed to enable more aggressive rebalancing using donated tokens and provide better swap price propositions for users.