M^ZERO Protocol and Governance

Summary

The most critical subjects covered in our audit are asset solvency, functional correctness, and precision of arithmetic operations. Security regarding asset solvency is high. Security regarding functional correctness is satisfactory; however, users should be aware that the rare event of a PowerToken redeployment might cancel their token transfers or inflations in the last two epochs before the redeployment event (see Side-effects of Resets). Precision of arithmetic operations is improvable due to rounding errors in the PowerToken that accumulate over time (see Effects of Roundings in PowerToken).

The general subjects covered are code complexity, use of uncommon language features, and gas efficiency. The codebase extensively employs assembly code to manually compute storage slots for array entries. While no specific issues have been detected with this usage, it is worth noting that this approach bypasses the safety features implemented by Solidity. The codebase can be made more gas-efficient (see Gas Optimizations).

In summary, we find that the codebase provides a good level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.

About M^ZERO Protocol and Governance

M^ZERO Labs implements a stablecoin (MToken) backed by real-world assets, like T-bills, along with a Two-Tokens Governance system (TTG).