About Mento Core V3
Mento offers Mento Core v3, a collateralized debt position (CDP)-backed Foreign Exchange (FX) system. Mento Core v3 implements a Fixed Price Market Maker (FPMM) contract, which offers fixed-ratestablecoin swaps based on oracle prices. The system also includes a separately audited Liquity v2 fork, which allows users to open CDPs for different currencies by depositing USDm tokens and minting stablecoins against them. The FPMM can also use the Liquity fork's StabilityPool and redemptions for rebalancing.
Audit Summary
The most critical subjects covered in our audit are functional correctness, oracle implementation and itsoperational implications, as well as rounding issues. Functional correctness has been improved by addressing Incorrect Redemption Fee Formula in CDPLiquidityStrategy. Rounding directions do not consistently follow best practices (though no specific attack was uncovered), see Rounding Should Favor Protocol LPs. The general subjects covered are documentation and specification, observability, and correctness of preview functions. Documentation is good thanks to detailed descriptions of the Liquity fork and rebalancing flow, although practical liquidity caveats remain, see Forex Market Low-liquidity Considerations. Helper utilities such as the zap parameter generators have known limitations, see ZapParameters Helpers Ignore Price/State Changes. We have also provided Notes on important considerations which can aid in understanding the system. In summary, we find that the codebase provides a satisfactory level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
