Back to Overview

Mento Liquity V2

download report
Quotation mark icon

ChainSecurity impressed us with their deep technical understanding of our system and an exceptional level of detail throughout the audit process. Their team’s flexibility and responsiveness made collaboration smooth and efficient — we always felt they were fully invested in helping us strengthen our protocol. We couldn’t be happier with the results!

Philip Paetz
COO
external-link

About Mento Liquity V2

Mento implements a fork of the Liquity v2 protocol, extending its functionality to enable users to open collateralized debt positions (CDPs) by depositing the USDm stablecoin and borrowing non-USD stablecoins against it. Key additions include governance-controlled SystemParams, an upgradableStability Pool that exposes liquidity to external strategies for rebalance operations, and an FX price feed.

Audit Summary

The most critical subjects covered in our audit are functional correctness, system parameters, oracles and implications of the new rebalance functionality. Functional correctness is now high after addressing Batch Manager is not deleted in kickFromBatch. Correctness regarding boundaries for system parameters has been improved after addressing minDebt Bounds Do Not Allow Configuring Low-value Currencies Correctly. Governance choosing correct values continues to be essential to ensure the security of the system. The oracle implementation is secure. However, it is intentionally not available over weekends, which can cause delays in liquidations and leads to Cannot add collateral if market closed. Finally, the new rebalance functionality as well as the permissionless oracle price relaying introduce additional risks and break assumptions of Liquity v2, such as Redistributions Are More Likely To Happen.These risks should be actively monitored. We have also provided Notes on important considerations which can aid in understanding the system. In summary, we find that the codebase provides a satisfactory level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.