Summary
The most critical subjects covered in our review are functional correctness and access control. Initially, security regarding functional correctness was improvable, while security regarding access control was satisfactory. A set of severe issues were introduced in the initial versions of the codebase, mainly from two changes:
1. The debt token BaseFeeLMA was using 6 decimals
2. The Base fee oracle returned a price with 1 decimal and the token pair BaseFeeLMA:ETH
These changes were not reflected consistently in the codebase, hence breaking multiple pre-existing functions. These issues have been resolved in the final version.
In Version 4 of the codebase a new functionality to enforce a system-wide withdrawal limit was added. The implementation of this functionality introduced a set of new bugs, the most severe being Liquidations are blocked from Withdrawal Limit. These findings have been resolved in the final version.
The general subjects covered are trustworthiness, documentation, and testing. Security regarding trustworthiness have been improved throughout the review, but privileged roles in non-core contracts can still block user operations, see Trust Model and Roles. Documentation and specification are improvable and can be extended to describe the changes more thoroughly and systematically. The testing suite has been enhanced in the later iterations, but testing remains improvable. The tested contracts do not always match the deployed contracts (i.e. HogToken on Base) and not all code paths are covered by tests. Hence, we recommend further testing.
The final code version has some lower severity findings were (partial) risks have been accepted (seeOpen Findings).
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Hedgehog Protocol
Hedgehog implements a hedging instrument for the change of the base fee on Ethereum mainnet. Hedgehog has forked Liquity v1 and adapted the smart contracts to implement the gas derivative used for hedging. This review was limited to the smart contract modifications applied by Hedgehog, under the assumption of Liquity's codebase being safe. However, it is important to acknowledge that any potential bug in Liquity could impact Hedgehog too.
"Hedgehog is an infrastructure for on-chain native derivatives, starting with Modular Synthetic Blockspace. Focusing on L2 rollups, validators, and AA paymasters, while providing trading opportunities for speculators and MEV searchers on speculating and hedging Basefee."