Summary
The most critical subjects covered in our audit are accounting correctness, reentrancies, and interactions with Stability Pools. In Version 3 , security regarding all the aforementioned subjects is high. The possibility of value extraction through self-liquidations has been mitigated. Issues regarding the interaction with Liquity V2 Stability pools that were present in Version 1 have been fully remediated. The logic in Liquity V2 Stability Pools has been modified between Version 2 and Version 3 of this codebase. A minor integration issue is introduced by the new Stability Pool logic (withdraw fail because stability pool cannot be emptied).
The general subjects covered are testing, price conversions, fees, and ERC-4626 compliance. Testing is improvable, a number of issues were uncovered that should have been found through testing. Incorrect price conversions, inconsistent handling of fees, and low ERC-4626 standard compliance have all been addressed and are now appropriate.
In summary, we find Version 3 provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About sBOLD
K3 Capital implements sBOLD, an ERC4626 vault that deposits BOLD into Liquity V2 stability pools, providing a tokenization and asset allocation layer on top of Liquity V2 Stability Pool deposits.