Back to Overview
Quotation mark icon

ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.

0xMikko
Inventor of Gearbox Protocol

Gearbox V3.1 Integrations

download report

Summary

The most critical subjects covered in our audit are the functional correctness of the contracts, the adapter configuration, the movement of the assets, and the interaction with the rest of the Gearbox system. Changes between v3.0 and v3.1 of the core and their interaction with systems outside of the core, including the interaction with adapters in the scope of this review, are out of scope. Security regarding all the aforementioned subjects is high.

In Version 11, we have identified some issues regarding the Upshfit integration. Under certain conditions, the delay enforced by Upshift Vault can interfere with the expected liquidation flow, potentially leading to unexpected or increased loss for the liquidity providers. Gearbox Protocol accepted the risk and stated that it will be mitigated with proper configuration of the system.

The general subjects covered are access control, documentation and specification, gas efficiency, and the complexity of the implementation. Security regarding all the aforementioned subjects is high.

In summary, we find that the codebase would provides a high level of security. The interactions between different components of the Gearbox system are complex. The contracts in this scope have undergone many changes during the review. This in combination with the fact that the reviews are limited in time reduces our confidence in the assessment of the system's security level.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.

About Gearbox V3.1 Integrations

This review focuses on changes of Gearbox Protocol to adapters and integrations interacting with third-party protocols.

“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.

The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”

#Source

external-link