.svg)
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness and access control. The general subjects covered are testing, documentation, gas efficiency, and upgradeability.
Security regarding most of the above is improvable.
Further, readers are advised to carefully read the report as several findings remain where the risk was accepted. Below the most notable ones are listed:
- The loss realization process is improvable, see totalAssets() Can Revert and Loss Realization Process, Inaccurate Loss Realization and Loss Realization Can Be DoSed.
- Users can be penalized even when their cooldown window has passed, see Users Outside of Cooldown Penalized.
Additionally, the tests are insufficient as several issues could have been caught by testing more extensively.
Hence, security regarding and quality regarding the aforementioned subjects is improvable. In summary, we find that the codebase provides an improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Syntetika HilBTC
Syntetika implements an ERC-20 token, hBTC, that is a synthetic BTC. The custodian can use the underlying funds to generate yield which is then forwarded to hBTC stakers whose staking shares are tokenized as shBTC.