Summary
Our audit focused on critical subjects such as allowances management, integration with xVELO and xERC20 bridges, and interchain account integration for cross-chain actions. Allowance management security was found to be high, as previous concerns regarding arbitrary approvals have been addressed.
In addition, we reviewed general subjects including the correctness of Velodrome pools integration and the general functional correctness of the Router. The security of these general areas was also evaluated to be high, as previous issues with amount calculation for Uniswap V2 have been resolved.
The two notes, Router Allowance Trust Risk and Interchain Account Trust Risk, highlight significant differences in the trust model of the Superswap Router compared to the Uniswap Router. These differences should be carefully considered by users of the router, and when updating the router.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Velodrome Superswap Router
Velodrome implements an update to the Uniswap Universal Router contract with changes to support velodrome V2, Concentrate Liquidity Pools (CL), bridging tokens and executing arbitrary cross chain actions.