The most critical subjects covered in our audit are asset solvency, functional correctness and front-running resilience. Functional correctness has improved to a good level after the deficit calculation was fixed in the underlying Carbon contracts, which resolved the finding Wrong distribution of unpaid fees in repay(). Certain configurations and behaviors by the manager of a vault can enable a Sandwich attack on updateState, which allows an attacker to extract value from the protocol. It is therefore essential that managers disable withdrawals and/or deposits in the Live state as soon as such attack vectors open up.

The general subjects covered are complexity, deployment, testing and documentation. We believe that all the other aforementioned areas offer a high level of security. The documentation is comprehensive and unit testing is extensive. However, we need to emphasize that the complexity of the codebase is high: the system can be in many different states, each of which may require different handling, and thus our confidence in that regard is limited.

In summary, we find that the codebase provides a good level of security. Since the project is deeply intertwined with another TrueFi project, we would also like to refer to the note Relevant concerns of the TrueFi Carbon smart contract audit report, which details concerns that are also relevant for this project.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About TrueFi Fluorine Smart Contracts

TrueFi implements an uncollateralized loan platform. Whitelisted users can create their own portfolios and have full control over them. Users can be lenders by buying shares of tranches which implement different investment strategies.

“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”


