Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and compliance with standards. After the review, security regarding all the aforementioned subjects is high. A critical issue leading to the free minting of shares was uncovered in the first review of the codebase and was addressed in the first round of fixes, see Shares can be minted for free. In Version 2 there was an issue regarding the initialization of the system, see Order of Deployment and Initialization.
The general subjects covered are code complexity, gas efficiency, trustworthiness, documentation and specification. Security regarding all the aforementioned subjects is generally good. No specifications were provided regarding management of the funds. Note the strong assumptions made in the TrustModel.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About UltraYield Smart Contracts
Ultra implements UltraVault, an ERC-7540 compliant, managed vault with asynchronous redemption.
"UltraYield is an onchain strategy curator working with top-tier protocols to bring depositor the highest yield possible on the market."