Summary
The most critical subjects covered in our audit are access control and the correct integration with the external protocols. The general subjects covered are gas efficiency, documentation and composability.
During our review, several issues were uncovered in the interaction with UniswapV3. Most importantly, the maxSlippage check on operations limiting the relayer was found to be ineffective; see "Ineffective maxSlippage check in UniswapV3Lib". Further issues uncovered included "Governance Tick Bounds Not Revalidated When Adding Liquidity to Existing Position" and "Pool/TokenId Mismatch Allows Incorrect Rate Limit Accounting in addLiquidity()".
After the intermediate report, all reported issues have been resolved. In summary, we find that the codebase provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Grove ALM Controller
GroveLabs offers Grove ALM Controller, a fork of Spark ALM Controller that implements a set of on-chain components of the Grove Liquidity Layer designed to manage and control the flow of liquidity between Ethereum mainnet and L2s by leveraging Sky DSS Allocator. This latest review covers v1.8.0, which introduces support for interacting with UniswapV3 and the Merkl Distributor and for using CCTPv2, alongside some other refactoring of existing code.
