Summary
Our audit focused on critical subjects such as allowances management, integration with xVELO and xERC20 bridges, and interchain account integration for cross-chain actions. Allowance management security was found to be high, as previous concerns regarding arbitrary approvals have been addressed.
In addition, we reviewed general subjects including the correctness of Velodrome pools integration and the general functional correctness of the Router. The security of these general areas was also evaluated to be high, as previous issues with amount calculation for Uniswap V2 have been resolved.
The two notes, Router Allowance Trust Risk and Interchain Account Trust Risk, highlight significant differences in the trust model of the Superswap Router compared to the Uniswap Router. These differences should be carefully considered by users of the router, and when updating the router.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Velodrome Superswap Router
Velodrome implements an update to the Uniswap Universal Router contract with changes to support velodrome V2, Concentrate Liquidity Pools (CL), bridging tokens and executing arbitrary cross chain actions.
With a tight schedule and an important release on the line, ChainSecurity exceeded our expectations, assembling multiple internal teams and delivering a thorough, accurate report that kept us on budget and on time. We couldn’t be happier or more confident working with their team..
Velodrome Contributors
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are error handling, gas efficiency, and correct integration with the CreateXfactory. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Velodrome Verified ERC20
Velodrome implements the VerifiedERC20 system, which provides enhanced ERC20 tokens with pluggable hook functionality. The system is designed to be modular, such that new hooks can be later added, and comes with a set of hooks already implemented.
"Velodrome Finance is a next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as the liquidity hub for the Superchain."
With a tight schedule and an important release on the line, ChainSecurity exceeded our expectations, assembling multiple internal teams and delivering a thorough, accurate report that kept us on budget and on time. We couldn’t be happier or more confident working with their team..
Velodrome Contributors
.png)
Summary
The most critical subjects covered in our audit are access control, functional correctness, and Denial-of-Service vectors.
Security regarding access control is high, after an issue that allowed bypassing the token-gating system has been fixed, see Subscription Can Be Passed Around. Functional correctness is high, after issues with the royalty implementation has been fixed, see Royalty Payments With Native Tokens Break Marketplace Integrations. Security regarding Denial-of-Service vectors is high after the previously implemented refund mechanism was removed, see Refund Mechanism Can Be Abused to DOS a Series.
A general subject covered is gas efficiency. Gas efficiency was improved, see Burning Can Increase Withdraw Gas Cost and Gas Optimizations.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Neulock Smart Contracts
Studio V implements a storage contract to be used with an on-chain password manager. The access to the contract is gated through an NFT contract, with a points system attached.
ChainSecurity approached our audit with exemplary professionalism and depth. Their team’s competence and thoroughness sharpened every aspect of our codebase, guiding us toward a cleaner, more correct implementation. Just as important, they were fantastic people to collaborate with: responsive, clear, and genuinely invested in our success. Thanks to their work, Neulock’s security posture is stronger than ever.on our security audit.
Lucas Neves, author of Neulock Web3 Password Manager
Summary
The most critical subjects covered in our audit are access control, functional correctness, and precision of arithmetic operations. The general subjects covered are documentation, specifications, and gas efficiency.
Security regarding all aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About USDD Smart Allocator Smart Contracts
Decentralized USD implements smart contracts for onboarding Smart Allocator as collateral for the USDD 2 system. The new contracts allow trusted Smart Allocator lenders to borrow USDD stablecoins against these assets, while managing debt repayment and liquidation.
Summary
The most critical subjects covered in our audit are security, functional correctness and seamless integration with the existing system. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sky smart contracts
Sky implements a rebranded version of the MKR token and an immutable converter with a fixed conversion rate. The converter functions by minting and burning tokens. The new governance token is ERC-20 compliant and the converter allows for permissionless conversion between MKR and SKY tokens.
--
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
.png)
.svg)
Summary
The most critical subjects covered in our audit are external integrations with UMA and the ConditionalToken Framework, solvency such that refunds from a game are not spent by another game, and functional correctness of the state transitions, also with respect to asynchronous callbacks and admin actions. Security regarding all the aforementioned subjects is high.
The general subjects covered are documentation, testing, missing refunds, Denial of Service attacks and front-running. Security regarding all the aforementioned subjects is high. Documentation regarding the state transitions is expanded out in the following System Overview. During the review, an issue in the UMA protocol has been uncovered that could have affected the Polymarket contracts. The issue has been resolved with the collaboration of UMA.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About UMA Sports Oracle
Polymarket implements UMA Sports Oracle, a smart contract that allows the creation of conditional tokens for bets on sport games. Several types of bets are possible for a given game. UMA Sports Oracle allows querying the game result only once in the UMA Optimistic Oracle to resolve the outcome of several bets.
Hats off to the ChainSecurity team for their stellar work on our security audit. The process was smooth from start to finish thanks to their clear communication style, and our codebase benefited immensely from their thorough analysis. We look forward to working with them in the future!
Mike Shrieve - Protocol Lead
Summary
The most critical subjects covered in our review are functional correctness and access control. Initially, security regarding functional correctness was improvable, while security regarding access control was satisfactory. A set of severe issues were introduced in the initial versions of the codebase, mainly from two changes:
1. The debt token BaseFeeLMA was using 6 decimals
2. The Base fee oracle returned a price with 1 decimal and the token pair BaseFeeLMA:ETH
These changes were not reflected consistently in the codebase, hence breaking multiple pre-existing functions. These issues have been resolved in the final version.
In Version 4 of the codebase a new functionality to enforce a system-wide withdrawal limit was added. The implementation of this functionality introduced a set of new bugs, the most severe being Liquidations are blocked from Withdrawal Limit. These findings have been resolved in the final version.
The general subjects covered are trustworthiness, documentation, and testing. Security regarding trustworthiness have been improved throughout the review, but privileged roles in non-core contracts can still block user operations, see Trust Model and Roles. Documentation and specification are improvable and can be extended to describe the changes more thoroughly and systematically. The testing suite has been enhanced in the later iterations, but testing remains improvable. The tested contracts do not always match the deployed contracts (i.e. HogToken on Base) and not all code paths are covered by tests. Hence, we recommend further testing.
The final code version has some lower severity findings were (partial) risks have been accepted (seeOpen Findings).
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Hedgehog Protocol
Hedgehog implements a hedging instrument for the change of the base fee on Ethereum mainnet. Hedgehog has forked Liquity v1 and adapted the smart contracts to implement the gas derivative used for hedging. This review was limited to the smart contract modifications applied by Hedgehog, under the assumption of Liquity's codebase being safe. However, it is important to acknowledge that any potential bug in Liquity could impact Hedgehog too.
"Hedgehog is an infrastructure for on-chain native derivatives, starting with Modular Synthetic Blockspace. Focusing on L2 rollups, validators, and AA paymasters, while providing trading opportunities for speculators and MEV searchers on speculating and hedging Basefee."
Working with Chainsecurity was a great experience. They were sharp, thorough, and easy to work with. Felt more like a partner than just an auditor, especially valuable given the complexity of Hedgehog Protocol and Synthetic Blockspaced.
Esko Koivula, CEO at Hedgehog Protocol
Summary
The most critical subjects covered in our audit are functional correctness, correct integration with the external system, and front-running. The general subjects covered are gas efficiency and access control.
Security regarding all the aforementioned subjects is high. The most notable issue Unpriced left tickets, resulting in computing incorrect position values, has been resolved.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Enzyme Sulu Extensions XXIV
Enzyme Foundation implements an upgrade for the Stakewise v3 external position to add support for newer versions of Stakewise v3 vaults while disabling the support for versions supported previously. Note that the upgrade is required due to breaking changes in Stakewise v3 that were not covered in the initial review of the Stakewise v3 external position.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
.png)
Summary
The most critical subjects covered in our audit are multi-chain state consistency, functional correctness, Hyperlane integration, and frontrunning resistance.
The mechanisms ensuring consistent state across chains are robust and deliver a high level of security. The functional correctness is high as issues such as Voting period in epochs can be bypassed by using poke() have been resolved. Similarly, the integration with Hyperlane's bridging mechanism was found to be correct after issues such as Metadata Misuse in Bridges were resolved.
In the second version of the codebase, the mechanism enforcing the ordering of specific types of messages (DEPOSIT and WITHDRAW) was relaxed. This could lead the state of some contracts to be temporarily inconsistent which would lead to accounting issues (Voting power can be temporarily artificially inflated). The issue has been addressed, but it should be noted that the system relies heavily on the assumption that messages from the root to the leaf will be processed within 1 hour.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Velodrome Superchain Interoperability
Velodrome implements an expansion of Velodrome AMM system to Superchain. With this expansion, the VELO rewards and incentives become available on chains beyond Optimism with the help of Hyperlane.
"Velodrome Finance is a next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as the liquidity hub for the Superchain."
With a tight schedule and an important release on the line, ChainSecurity exceeded our expectations, assembling multiple internal teams and delivering a thorough, accurate report that kept us on budget and on time. We couldn’t be happier or more confident working with their team..
Velodrome Contributors
.png)
Summary
The most critical subjects covered in our audit are accounting correctness, reentrancies, and interactions with Stability Pools. In Version 3 , security regarding all the aforementioned subjects is high. The possibility of value extraction through self-liquidations has been mitigated. Issues regarding the interaction with Liquity V2 Stability pools that were present in Version 1 have been fully remediated. The logic in Liquity V2 Stability Pools has been modified between Version 2 and Version 3 of this codebase. A minor integration issue is introduced by the new Stability Pool logic (withdraw fail because stability pool cannot be emptied).
The general subjects covered are testing, price conversions, fees, and ERC-4626 compliance. Testing is improvable, a number of issues were uncovered that should have been found through testing. Incorrect price conversions, inconsistent handling of fees, and low ERC-4626 standard compliance have all been addressed and are now appropriate.
In summary, we find Version 3 provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About sBOLD
K3 Capital implements sBOLD, an ERC4626 vault that deposits BOLD into Liquity V2 stability pools, providing a tokenization and asset allocation layer on top of Liquity V2 Stability Pool deposits.
Summary
The most critical subjects covered in our audit are functional correctness and the synchronization of the state between mainnet and the sidechains.
Functional correctness was improved after a wrong assertion, that could have led to loss of data, was corrected.
The synchronization of data between different chains is sufficient although some caveats in regards to out-of-order execution and partial data transfers should be noted.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Frankencoin CCIP Bridge
Frankencoin implements a bridging system for the ZCHF token as well as some governance mechanisms. ZCHF on chains other than mainnet allow for tokens to be deposited into savings contracts that earn interest. Accrued interest, the interest rate, and governance voting power are asynchronously and permissionlessly transferred between mainnet and the respective sidechains using the bridge.
“Frankencoin is a collateralized, oracle-free stablecoin that tracks the value of the Swiss franc. Its strengths are its decentralization and its versatility.”
The audit was excellent! Very well done! I'm impressed with how quickly ChainSecurity's software engineers developed a deep understanding of the Frankencoin system and with their meaningful inputs to harden its mechanics.
Luzius Meisser, Inspirer, Frankencoin
Summary
The most critical subjects covered in our audit are general liveness of the rollup, denial of services, and user assets safety. Security regarding all subjects is good.
The other general subjects covered are correct usage of Scroll Messenger, access control, and global interaction between the contracts. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
Given the small amount of tests in the codebase, we strongly recommend enhancing the testing suite as several issues found in the audit could have been caught by more extensive testing.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Intmax 2 Smart Contracts
Intmax implements a zk-rollup for private transfers. Liquidity is on/offboarded on Ethereum while the state of the rollup is managed on Scroll.
"INTMAX is an extremely scalable layer for Ethereum transfers that incorporates ethically sound privacy. It is a stateless zkRollup structure, theoretically achieving scalability similar to Plasma and Lightning Network, as envisioned in 2018. By distributing both data and computation costs across users’ devices, INTMAX inherits security from Ethereum while achieving scalability even greater than centralized financial systems using databases."
Summary
The most critical subjects covered in our audit are functional correctness, rounding issues, and correctness of external integrations. The security regarding functional correctness is high, after issues in prior versions were resolved: Zappers can lose user funds. Security regarding rounding issues has been improved after the amount of share inflation was restricted, see Rounding in debt shares calculation can mint unbacked tokens. Security regarding external integrations is high, as issues with Balancer and Leverage Zapper have been resolved: BalancerFlashLoan missing access control and Leverage zappers do not return swap excess.
The general subjects covered are documentation, trustworthiness and code complexity. The project has very extensive documentation. The trustworthiness is high, as the system is designed to be immutable with limited trust assumptions. The system's contracts are very complex, which carries increased risk compared to simpler code.
In summary, we find that the core contracts provide a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Liquity Bold Smart Contracts
Liquity implements Liquity V2, a decentralized stablecoin system with user set interest rates, iterating on Liquity V1.
"Liquity V2 is a decentralized borrowing and stablecoin protocol that builds on the success of V1. It enhances it in several ways to offer the best borrowing experience, a highly resilient Ethereum-native stablecoin (BOLD), and sustainable on-chain yield."
We are very satisfied with ChainSecurity's expertise and thorough reports. It's a highly professional team that we would love to work with again.
Michael Svoboda, CEO @ Liquity AG
Summary
The most critical subjects covered in our audit are functional correctness, rounding issues, and correctness of external integrations. The security regarding functional correctness is high, after issues in prior versions were resolved: Zappers can lose user funds. Security regarding rounding issues has been improved after the amount of share inflation was restricted, see Rounding in debt shares calculation can mint unbacked tokens. Security regarding external integrations is high, as issues with Balancer and Leverage Zapper have been resolved: BalancerFlashLoan missing access control and Leverage zappers do not return swap excess.
The general subjects covered are documentation, trustworthiness and code complexity. The project has very extensive documentation. The trustworthiness is high, as the system is designed to be immutable with limited trust assumptions. The system's contracts are very complex, which carries increased risk compared to simpler code.
In summary, we find that the core contracts provide a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Liquity Bold Smart Contracts
Liquity implements Liquity V2, a decentralized stablecoin system with user set interest rates, iterating on Liquity V1.
"Liquity V2 is a decentralized borrowing and stablecoin protocol that builds on the success of V1. It enhances it in several ways to offer the best borrowing experience, a highly resilient Ethereum-native stablecoin (BOLD), and sustainable on-chain yield."
We are very satisfied with ChainSecurity's expertise and thorough reports. It's a highly professional team that we would love to work with again.
Michael Svoboda, CEO @ Liquity AG
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and frontrunning. The general subjects covered are upgradeability, unit testing, documentation, and trustworthiness. Note that testing is insufficient and that some of the uncovered issues could've been caught by testing.
The most notable findings are:
- The Incorrect Valuation of ERC-4626 that leads to incorrect share prices potentially leading to a loss of funds.
- An Escalation of Privileges that could allow addresses with low privileges to drain the protocol.
- Architectural problems such as Pending Assets Become Claimed During Withdrawal and Insufficient Limitations for Strategies that could have led to DoS scenarios
- Integration issues such as Operator Undelegations Are Not Accounted for that could've led to loss of funds.
-
All issues have been resolved through code corrections or specification change. Some lower severity issues have been acknowledged, and their risk has been accepted.
Additionally, please consult Notes, Assessment Overview and Trust Model and Roles for considerations that could be out of scope.
In summary, we find that the codebase provides a good but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Mellow Multivault Smart Contracts
Mellow Finance implements an upgrade to the previously audited vaults to support multiple LRTs at once as well as other ERC-4626 compliant protocols. The multivault architecture implements a modular integration framework by leveraging adapters for integrations and strategies for allocations. Given the delayed withdrawals for LRTs, specialized withdrawal queues have been implemented.
"Mellow LRT is an innovative liquid restaking primitive allowing permissionless creation of modular LRTs. Mellow offers a series of vault smart contracts tailored to different risk profiles, managed by LRT curators."
Mellow Protocol has really complex contracts and codebase. Our team was very happy to work with Chainsecurity. We were impressed by the professionalism and depth of the smart contracts study by Chainsecurity. The team's versatile approach helped us improve our codebase's security and effectiveness and added confidence before our protocol launch.
Nick S, contributor @ Mellow Protocol
Summary
The most critical subjects covered in our audit are functional correctness, accounting correctness, and the integration with external systems (Bridge and Morpho vaults).
Functional correctness is good, after missing conversions between asset amounts and share amounts have been fixed, see drainVault Cannot Withdraw All Assets and Missing Asset-Share Conversions in Vaults. Accounting correctness is good, as related issues have been fixed, see drainVault Locks Assets. Security regarding integration with external systems is high.
In summary, we find that the codebase provides a good level of security.The Notes section highlights behavior that users should be aware of.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Polygon Vault Bridge Token
Polygon implements an extension of the Unified Bridge (formerly LxLy Bridge) that enables the bridging of assets that have been deposited into an ERC-4626 yield-generating vault. Additionally, Polygon provides a Native Converter deployed on Layer Y that allows assets that were natively bridged (not via the VaultBridgeToken extension) to be converted to vault-bridged tokens, with the underlying token being bridged back to Layer X.
“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”
ChainSecurity holds a special place in my heart, only positive experiences with them and they always go above and beyond. During one of our audits, they actually found a bug in an OpenZeppelin contract we were using, 99% of auditors wouldn't bother looking there.
Gretzke.eth, Software Engineering Lead @ Polygon
.png)
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and compliance with standards. After the review, security regarding all the aforementioned subjects is high. A critical issue leading to the free minting of shares was uncovered in the first review of the codebase and was addressed in the first round of fixes, see Shares can be minted for free. In Version 2 there was an issue regarding the initialization of the system, see Order of Deployment and Initialization.
The general subjects covered are code complexity, gas efficiency, trustworthiness, documentation and specification. Security regarding all the aforementioned subjects is generally good. No specifications were provided regarding management of the funds. Note the strong assumptions made in the TrustModel.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About UltraYield Smart Contracts
Ultra implements UltraVault, an ERC-7540 compliant, managed vault with asynchronous redemption.
"UltraYield is an onchain strategy curator working with top-tier protocols to bring depositor the highest yield possible on the market."
We are glad to have chosen Chainsecurity as the first auditor of our UltraYield vault contracts, the quality of the report and the depth of research are excellent. They've managed to find one corner case which could otherwise slip into the contracts, and in general - make the codebase cleaner and easier to maintain in the future.
UltraYield Team
.png)
Summary
The most critical subjects covered in our audit of the circuits are soundness, completeness and zero-knowledge. Several critical issues have been uncovered including:
• Missing constraint on pubkey allows for double spending
• Incorrect exclusion proof circuit allows for double spending
• Multiple Valid Account Trees / Public States after applying the same block
The latest iteration covers refinements in the core circuits, refactored withdrawal circuits and the new claim circuits.
The reviewed code is well-structured and properly documented. Although testing has been continuously enhanced, a thorough stress test on a public testnet is recommended before mainnet launch due to the project’s cutting-edge nature. The circuits are part of Intmax 2, a system which consists of multiple interacting parts. The rollup is managed by a set of smart contracts which have been audited in the ChainSecurity Intmax 2 Smart Contract Audit Report.
In summary, we find that the current codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Intmax 2 ZKP Circuits
Intmax implements a zk-rollup for private transfers using zk proofs to prove state transitions and balances. Smart contracts on Scroll manage the rollup, while smart contracts on Ethereum handle liquidity on- and offboarding.
"INTMAX is an extremely scalable layer for Ethereum transfers that incorporates ethically sound privacy. It is a stateless zkRollup structure, theoretically achieving scalability similar to Plasma and Lightning Network, as envisioned in 2018. By distributing both data and computation costs across users’ devices, INTMAX inherits security from Ethereum while achieving scalability even greater than centralized financial systems using databases."
Summary
The most critical subjects covered in our audit are functional correctness, frontrunning resistance, and integration with other contracts of the system.
Security regarding all the aforementioned subjects is high. Note that the Chief migration requires strong coordination and adherence to timelines to minimize the risk of governance attacks at different migration phases, see Migration Considerations for more details.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sky Chief Migration smart contracts
Sky offers deployment and initialization libraries to migrate the existing MCD_ADM (the legacy Chief withMKR as governance token) to a new Chief that uses SKY as governance token.
Sky implements a rate converter (Conv) to facilitate the conversion between rates per second and yearly rates in basis points (BPS).
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
Summary
The most critical subjects covered in our audit are functional correctness, access control and integration with other contracts of the system. The general subjects covered are specification, complexity and unit testing. For the Lockstake implementation, Security regarding all the aforementioned subjects is high.
Before the Governance initializes the Lockstake instance the deployed contracts must be validated carefully. Please refer to note Deployment verification for more details.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Lockstake Smart Contracts
Sky implements a staking framework that allows borrowing against governance tokens as collateral while retaining the ability to delegate their voting power and simultaneously allowing these tokens to be staked to earn yield.
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
Summary
The most critical subject covered in our audit is functional correctness. After the intermediate report, all findings have been resolved, hence security regarding functional correctness is high.
The general subjects covered are trustworthiness and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sky DSS Emergency Spells
Sky implements DssEmergencySpells, a set of pre-defined emergency spells that bypass the governance delay defined in DSPause to enable prompt governance actions if necessary.
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
Summary
Limited code reviews are best-effort checks and don't provide assurance comparable to non-limited code assessments or audits. Due to time and scope constraints, they are not exhaustive.
The most critical subjects covered in our review are the non-reentrancy by default option and the raw_create builtin. Security regarding all the aforementioned subjects is high. Moreover, we found that allowing users to turn on the non-reentrancy by default option is a good security measure that benefits language users greatly.
Other general subjects covered include enabling bitwise operators for bytesM, extending as_wei_value to all numeric types, refactoring decorator and pragma parsing as well as other smaller pull requests. Security regarding all the aforementioned subjects is also high.
It is important to note that security reviews are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Vyper Compiler 0.4.2 Pull Requests
This limited review was conducted by one engineer over one week and focused on multiple pull requests of the to-be-released version 0.4.2 of the Vyper compiler.
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Summary
The most critical subjects covered in our audit are functional correctness, asset solvency and integration into the system. Security regarding all the aforementioned subjects is high.
The general subjects covered are usability and access control. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sky VoteDelegate Smart Contracts
VoteDelegate implements a vote delegation system allowing governance token holders to delegate their voting power to delegates.
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
.png)
Summary
The most critical subjects covered in our audit are correctness of the minting and burning flow, the implementation of the access control, and the sanitization of the data accounts. Security regarding all the aforementioned subjects is high. Only minor issues have been uncovered which have been addressed.
The general subjects covered are compute unit efficiency of the implementation, the documentation and specification, and testing. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About WBTC Solana Briddge implements a system that allows for minting and burning WBTC on Solana.
WBTC implements a system that allows for minting and burning wBTC on Solana.
"Wrapped Bitcoin (WBTC) unlocks the power of Bitcoin on various blockchains such as Ethereum and Solana, offering interoperability for DeFi use cases."
ChainSecurity has been a trusted audit partner which contributes to the robustness and security of WBTC’s smart contracts. Their thorough audits and clear communication have given our team - and the ecosystem - confidence in every deployment.
WBTC Team
Summary
The most critical subject covered in our audit is functional correctness. The general subjects covered are trustworthiness and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Protego Smart Contracts
Sky implements Protego, a framework for standardizing the deployment of Emergency Spells that drop proposals queued for execution.
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
Summary
The most critical subjects covered in our audit are the correct instantiation of all system components, the migration logic of the legacy system, and the upgradeability, configurability, and liveness of the system. In the current implementation, neither the current system (Shutting down a market configurator) nor the legacy system can be fully configured (Legacy CreditManager cannot be fully configured). The migration of the legacy system is underspecified as it's not known which components of the legacy system will immediately be upgraded to newer versions. Moreover, the liveness of the system can be harmed in some cases (Reverting proposals lock cross-chain governance). Finally, upgrading some components of the system is not possible (Factory migration will fail).
The general subjects covered are functional correctness, gas consumption, testing, and documentation and specification. Testing was very limited in the first iteration of the report. This led to a substantial number of functional correctness issues (Timelock transactions can be executed before the ETA) that could have been prevented. Testing was significantly improved in subsequent versions. Some of the operations executed by Governance have very high gas requirements. Documentation is sufficient. However, some parts are underspecified (Signatures On Different Chains).
In summary, we find that the system provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Gearbox Permissionless Smart Contracts
Gearbox implements a new governance system which aims to enable different risk curators to run their own gearbox markets. The new system allows the migration of the legacy system into the new system.
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
.png)
Summary
The most critical subjects covered in our audit are asset solvency, function correctness and access control. The general subjects covered are specification and trustworthiness.
The most notable issue uncovered is the possibility of Stealing Operator Rewards. The finding has been addressed through code correction.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Symbiotic Default Rewards
Symbiotic provides default contracts for standardizing the distribution of rewards to operators and stakers.
Reliable and predictably great quality of analysis maintained for years and years now. As close as you can get to “set and forget” with audits.
Misha Putiatin, Co-Founder Symbiotic
Summary
Enzyme Foundation implements an external position for writing call and put options in Myso V3.
The most critical subjects covered in our audit are functional correctness and integration with Myso V3. The general subjects covered are specification, trustworthiness, error handling, and documentation.
In summary, we find that the codebase provides a high level of security. Furthermore, important consideration are outlined in the sections Notes and in Trust Model.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Enzyme Sulu Extensions XXIII
Enzyme Foundation implements an external position for writing call and put options in Myso V3.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
.png)
Summary
The smart contracts are forked from Frankencoin v2024, which we previously audited. This review was limited to the changes applied by dEURO, under the assumption that the Frankencoin codebase does not contain any vulnerabilities.
The most critical subjects covered in our audit are asset solvency, functional correctness and accounting correctness. Security regarding asset solvency was improved, see Interest Accrual Can Lead to Under-Collateralization. Security regarding functional correctness was improved, see Auctions May Never End. Accounting correctness is improvable, see Challengers must calculate virtualPrice themselves.
In summary, we find that the codebase currently provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About dEURO Smart Contracts
dEURO implements a decentralized protocol to issue dEURO on-chain, a stablecoin that is pegged to theEuro. Each dEURO minted is backed either by collateral assets or other trusted stablecoins pegged to the EURO.
We chose Chainsecurity to audit dEURO because they had already worked on Frankencoin and understood the protocol inside out. That background, combined with their reputation for top-tier audits, made them the obvious choice. The process was smooth, the findings were clear and helpful, and we were glad to share the results with our community.
Patrick Larsen-Ledet, Lead Developer at dEURO Association
.png)
Summary
The most critical subjects covered in our audit are functional correctness, access control, and the integration with CCTP. The general subjects covered are gas efficiency, documentation and composability. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Spark ALM Controller
SparkDAO implements the Spark ALM Controller, a suite of contracts of the Spark Liquidity Layer designed to manage and control the flow of liquidity originating from DSS Allocator.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
Summary
The most critical subjects covered in our audit are functional correctness, precision of arithmetic operations, and front-running. Security regarding all the aforementioned subjects is good but improvable, see Unaccounted roundings when depositing and withdrawing and Balance of Euler account counted twice in calcLimits(). Notice that Euler decided not to fix some of the issues for the time being; these issues have been marked Acknowledged .
The general subjects covered are code complexity, gas efficiency, and trust relationships. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security, which could be improved if all the outstanding issues were to be addressed.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About EulerSwap
Euler implements EulerSwap, an AMM that uses a custom bonding curve, and enhances its liquidity by borrowing additional funds from Euler vaults.
ChainSecurity delivered an exceptional audit for our project. Their meticulous approach and quick responsiveness enhanced our security and provided crucial insights. We greatly appreciate their dedication and excellent communication throughout the process.
Erik Arfvidson, Head of Cybersecurity, Euler Finance
Summary
The most critical subjects covered in our audit are the correctness and potential regressions of the refactored code, the correctness of partial liquidations and the new Tumbler rate keeper. Security regarding all the aforementioned subjects is high.
The general subjects covered are gas efficiency, testing, documentation and specification. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Gearbox Core & Oracles V3.10
Gearbox implements V3.10 of the Core protocol and the oracles. The new version aims to make the system compatible with the new governance module. Moreover, it adds partial liquidations.
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
Summary
The most critical subjects covered in our audit are functional correctness, access control, and integration with the existing contracts. The general subjects covered are documentation, trustworthiness, and unit testing.
Security regarding all aforementioned subjects is high. However, it is improvable due to potential escalation of privileges as outlined in Bypassing step-size and DoSing ilk initializations.
In summary, we find that the codebase provides a good but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sky SP-BEAM Module
Sky implements SP-BEAM, a module enabling permissioned actors to make direct changes to stability and savings rates.
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
Summary
The most critical subjects covered in our audit are functional correctness, front-running, and suitability for Sky's governance. The general subjects covered are trustworthiness and gas efficiency.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sky Chief smart contracts
Sky implements a continuous approval voting system introducing SKY as the governance token while simplifying the previous version.
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
Summary
The most critical subjects covered in our audit are functional correctness. The general subjects covered are documentation, specifications and gas efficiency.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sky Rates Converter
Sky implements a rate converter (Conv) to facilitate the conversion between rates per second and yearly rates in basis points (BPS).
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
Summary
The most critical subjects covered in our audit are functional correctness, access control, precision of arithmetic operations.
Access control is working as expected.
Several issues with the correct handling of investment stages have been found in previous versions of this report. Furthermore, depending on the chosen base currency of a fund, the contracts were exposed to a certain degree of Precision loss. These problems have been mitigated.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Fume Finance smart contracts
Fume implements an on-chain administration platform for funds. Investments into such funds can be handled either off-chain or on-chain.
"Founded in 2023 and headquartered in Ticino, Switzerland, Fume was created to revolutionize the way investment funds are managed. The Fume platform is designed to support a wide range of assets, including digital tokens, stocks, real estate, and commodities, making it an attractive solution for both traditional and digital fund managers. Built by a team with deep expertise in blockchain, finance, and law, with the backing of a fintech VC, a family office, and established asset managers."
Summary
We did not find severe issues. However, multiple minor issues related to fees were raised (see Missing Slippage Protection, Fee Can Be Avoided on Small Amounts and Repeated Fees) and the deposit limits are ineffective as described in Ineffective First Deposit Limit. All issues where addressed.
In summary, we find that the codebase provides a high level of security. Yet, it is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About USDO & USDOExpress
OpenEden implements a USD stablecoin called USDO and a wrapper contract (acting as a vault) for it called cUSDO. The stablecoin will be backed by yield-earning U.S. treasury bills. USDOExpress adds instant mint and redeem functionality to the existing USDO token.
ChainSecurity demonstrated professionalism and thoroughness in their security assessment of our smart contract. Their meticulous and rigorous approach ensured a comprehensive audit process that validates the integrity and robustness of our codebase.
Duke Du, CTO of OpenEden
Summary
We did not find any critical issues in the codebase. Yet, we recommended testing cUSDO deposits, transfers and withdrawals with intermediate multiplier changes in USDO very carefully. All raised issues were addressed accordingly.
In summary, we find that the codebase provides a high level of security as most critical operations are access-controlled and should have additional off-chain procedures to ensure the security of the system. However, it is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About USDO
OpenEden implements a USD stablecoin called USDO and a wrapper contract (acting as a vault) for it called cUSDO. The stablecoin will be backed by yield-earning U.S. treasury bills.
Summary
The most critical subjects covered in our audit are functional correctness, access control and merkle proof verification. Security regarding all the aforementioned subjects is high.
The general subjects covered are gas efficiency and proper documentation. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About SparkRewards
Spark implements the SparkRewards smart contract to distribute ERC-20 tokens based on a Merkle tree root and epochs.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
Summary
The most critical subject covered in our audit is functional correctness.
The general subjects covered are event handling, documentation, and gas efficiency.
Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sky DSS Blow2
Sky implements Dss Blow2, a contract to facilitate the returning of Dai and USDS to the Sky Protocol as system surplus.
“The Sky Protocol (formely known as MakerDAO) is one of the largest dapps on the Ethereum blockchain. Designed by a disparate group of contributors, including developers within the MakerFoundation, its outside partners, and other persons and entities, it is the first decentralized finance (DeFi) application to see significant adoption.”
ChainSecurity has been an invaluable partner throughout almost two years of high-stakes product launches. We prize them for their proactivity, consistency & flexibility—we’re looking forward to continuing the partnership!
Deniz Yilmaz, Tech Lead at Sky
Summary
All high severity findings were resolved. Some new medium severity issues were identified in the latest review of the codebase. There are still many low severity issues open, and given a stable codebase and more time, likely many more could be found, due to the complexity of the codebase. However, assuming the more severe issues are addressed, they should be mostly benign.
In summary, we find that the codebase provides a good level of security.
The contracts are complex and have even more complex dependencies. We did not review the economic soundness of the contracts nor is it possible to find all the edge cases in this system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Curve Stablecoin
Curve implements a new stablecoin that is based on different mechanics to keep it stable and manage the loans.
—
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
We appreciate ChainSecurity for very deep and thoughtful analysis!
Michael Egorov, CEO @ Curve Finance
Summary
The code is well structured and implements an upgrade architecture similar to the diamond proxy upgrade pattern. The most critical subjects covered in our audit are functional correctness and arithmetic correctness. The most severe issues is an incorrectly calculated redeem (Incomplete fund transfer when withdrawing) and a double counted balance when swapping (double-counting in swap). All issues were addressed and resolved if necessary. We advised to increase the test suite as the issues could have been caught by e.g., testing redeems with strategies that partially fulfill the request.
The team was always very responsive and was clarifying all questions quickly and professionally. In summary, we find that the current codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Yelay Lite smart contracts
Yelay implements a dedicated vault system that directs all yield into a yield extractor. Users will be rewarded outside of the protocol from the respective clients. The vault is for approved projects only.
Working with ChainSecurity was a great experience due to their pragmatic approach. Unbiased and thorough, the team genuinely strives to understand the business case behind the smart contracts. While meticulously highlighting all potential security risks, they always keep the business objectives in focus
Konstantin Samarin, Solidity Developer at Yelay
Summary
We could not identify any relevant issue in the code base. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sink Gauge v2
Velodrome implements a setup to lower the need of newly minted Velo which consequently slows down or could even stop the inflation rate. This is achieved by using a special gauge contract. If users vote for this gauge, the corresponding rewards will be sent directly from the voter to the minter contract. There is also a pool without functionality and the factory contracts to correctly integrate the setup in the overall ecosystem.
#Source
With a tight schedule and an important release on the line, ChainSecurity exceeded our expectations, assembling multiple internal teams and delivering a thorough, accurate report that kept us on budget and on time. We couldn’t be happier or more confident working with their team..
Velodrome Contributors
.png)
.png){kind=logo}
Summary
The most critical subjects covered in our audit are asset solvency and front-running resistance. Security regarding all the aforementioned subjects is high.
The general subjects covered are gas efficiency, code complexity, and documentation. The robustness regarding all the aforementioned subjects is satisfactory but can be improved, see Redundant checks in...Many() functions and Inaccurate NatSpec. Furthermore, this report contains notes highlighting considerations to prevent unexpected behavior during operation.
In summary, we find that the codebase provides a high level of security. No issues were identified that would pose a significant risk to the system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Uniswap Franchiser Expiry
Uniswap Foundation's Franchiser system enables multi-level delegation of UNI tokens' voting power. This latest version introduces support for expirations with permissionless recall of funds to the original owner after expiry.
"The Uniswap Foundation is dedicated to building a self-sustaining community that contributes to the future growth of the Uniswap Protocol. We have strategically designed our grants program to create a long-lasting ecosystem made up of developers, researchers, and governance contributors. We strive to create shared ownership for our entire community and work with them to define the future of DeFi’s most important protocol."
Summary
The most critical subjects covered in our audit are the safety of the funds, the security of the ownership recovery mechanisms and their resistance against malicious actors, the signature validation, and the correct configuration of the wallet. Our most important findings concerned the different recovery mechanisms of the wallet, as described in the issues Ownership transfer race conditions and Social recovery with less than minConfirmations possible. All the issues have been addressed by Unstoppable and security regarding the afore mentioned areas is high.
The general subjects covered are interactions with other addresses, access control, and gas efficiency. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase could provide a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Unstoppable Wallet
Unstoppable implements a smart contract wallet that supports authentication via WebAuthn, and enables ownership transfers via an inheritance, and a social recovery mechanism.
"Unstoppable is on a mission to render centralized platforms obsolete by providing a comprehensive permissionless alternative for every CEX feature."
.png)
Summary
The most critical subjects covered in our audit are functional correctness, access control, and upgradeability. No significant vulnerabilities were identified during this review, therefore security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About USDT0 Arbitrum v2
In this project, the second version of the Arbitrum Extension of the TetherToken is implemented. This version of the token migrates the bridging functionalities from the Arbitrum Bridge to LayerZero.
Working with ChainSecurity has been an exceptional experience. Their prompt response times, deep technical expertise, and seamless workflow demonstrate their professionalism and dedication to excellence. We are thrilled to partner with them and look forward to collaborating on future projects.
Lorenzo Romagnoli, USDT0
.png)
Summary
Our review focuses exclusively on code security issues introduced by the changes against the forked codebase. The review does not cover any economic risks. Any errors made by privileged users of the system, including those due to misunderstanding the intricacies and caveats of the forked code base, are out of scope.
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control. Security regarding asset solvency is high.
In the latest version of the codebase:
- Functional correctness has been improved since Incorrect Bar Mechanism in Median and Missing Decimal Upscaling in TRXJoin were resolved.
- Access control has been improved since Access to DSPauseProxy Is Not Restricted to DSPause and GovActionsProxy Will Lose Control Over DSPause if It Changes Delay to Nonzero were resolved.
- In addition, Denial of Service in Median Due to Revert on Invalid Price was partially corrected and the risk of Governance Delay is Currently Disabled was accepted. Hence active monitoring is required to ensure the oracle and governance work correctly.
The general subjects covered are event handling, specifications, and precision of arithmetic operations, which are further improvable, see Events Are Improvable, Incorrect Specifications, and Loss of Precision in Price Calculation Due to Scaling Logic.
In summary, we find that the codebase provides a satisfactory level of security.
Continuing to allocate sufficient time for more extensive internal QA would further increase the security level of the codebase.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About USDD V2 Smart Contracts
Decentralized USD implements USDD V2, a fork of the MakerDAO Protocol (now Sky) on the Tronblockchain. It enables users to mint USDD stablecoin using various collaterals.
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control. The reported issue Incorrect USDT Address has been resolved, hence security regarding all the aforementioned subjects is high.
The general subjects covered are gas optimizations and specification. Security regarding both subjects is high.
In summary, we find that the codebase provides an good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Decentralized USD PSM Smart Contracts
Decentralized USD implements a Peg Stability module (PSM) for USDD V2. The PSM is a system designed to help maintain the peg of USDD by enabling the direct exchange of USDD for supported stablecoins (and vice versa) at a fixed exchange rate of 1:1.
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control.
The general subjects covered are gas optimizations and specifications.
Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About USDD Exchange Smart Contracts
Decentralized USD implements an USDD Exchange contract which facilitates the one way exchange from the old TRC-20 USDD token to the new USDD token with a 1:1 exchange rate.
Summary
The most critical subjects covered in our audit are functional correctness, security of the vault's assets, and the proxy/upgradabilitiy pattern. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Spark Vaults
SparkDAO implements an ERC-4626 USDC Vault wrapping interactions with the PSM and SavingsUSDS allowing users to deposit USDC and earn yield from the Sky savings rate.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
Summary
The most critical subjects covered in our audit are function correctness, access control and integration with Symbiotic. The general subjects covered are gas efficiency, documentation and upgradeability. Security regarding the aforementioned subjects is good but improvable.
The most notable issues found were:
- Broken Queue Accounting
- Withdrawal Request Claiming Manipulation
- Bank Run on Excess Funds in Vault Prior to Slashing Event
- Migration can be DoSed
Note that the first two issues have been resolved through code correction. For the third and the fourth item, the risk has been accepted. Note that some other issues have been only partially corrected or their risk has been accepted.
Further, we provide some considerations for migration in Migration Considerations. See also the Notes for other considerations.
In summary, we find that the codebase provides a good but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Mellow Symbiotic Vaults
Mellow Finance implements simple LRTs to tokenize deposits in Symbiotic.
"Mellow LRT is an innovative liquid restaking primitive allowing permissionless creation of modular LRTs. Mellow offers a series of vault smart contracts tailored to different risk profiles, managed by LRT curators."
Mellow Protocol has really complex contracts and codebase. Our team was very happy to work with Chainsecurity. We were impressed by the professionalism and depth of the smart contracts study by Chainsecurity. The team's versatile approach helped us improve our codebase's security and effectiveness and added confidence before our protocol launch.
Nick S, contributor @ Mellow Protocol
Summary
The most critical subjects covered in our audit are precision of arithmetic operations, asset solvency, invariant preservation, functional correctness, and front-running. Several issues of high and critical severity issues were identified in the first two iterations of the codebase, see Resolved Findings. The Governance contract was refactored in Version 3 to mitigate the reported issues by changing the core accounting and placing new restrictions on user operations (always reset all votes before new allocations).
In summary, we find that the codebase provides a satisfactory level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Liquity V2 - Voting Smart Contracts
Liquity implements Liquity V2, a decentralized stablecoin system with user set interest rates, iterating on Liquity V1. For more information, see our audit report for Liquity V2 - Bold Smart Contracts.
Liquity V2 implements a voting contract that distributes the incoming revenues based on the votes from users that have a stake in the system. A set of contracts are also provided to simplify the development of smart contracts that serve as proposals in the voting, known as initiatives.
We are very satisfied with ChainSecurity's expertise and thorough reports. It's a highly professional team that we would love to work with again.
Michael Svoboda, CEO @ Liquity AG
Summary
The most critical subjects covered in our audit are functional correctness, access control and message passing.
The general subjects covered are code complexity and specification.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About SparkDAO XChain SSR Oracle
SparkDAO implements cross-chain oracles for the Sky Savings Rate where update messages are sent to L2s from Ethereum Mainnet.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
Summary
The most critical subjects covered in our audit are asset solvency, cross-contract interaction and access control. Security regarding all aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security. Discovered low-severity issues do not pose an immediate treat and can only be triggered by human error. They were addressed in Version 2 of the code; however redeployment was considered unwarranted. If bugs ever trigger, they can be mitigated by upgrading the system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About USDT0 smart contracts
USDT0 offers a set of smart contracts that implement the Omnichain extension for USDT. These smart contracts rely on LayerZero's provided Omnichain Fungible Token (OFT) infrastructure to facilitate bridging functionalities to other chains.
Working with ChainSecurity has been an exceptional experience. Their prompt response times, deep technical expertise, and seamless workflow demonstrate their professionalism and dedication to excellence. We are thrilled to partner with them and look forward to collaborating on future projects.
Lorenzo Romagnoli, USDT0
.png)
Summary
The most critical subjects covered in our audit are proposal execution correctness, proposal sanitization during creation, and signature handling. Issues reported in the first version of the code were satisfactorily addressed. Security regarding all aforementioned topics is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Velodrome Epoch Governor
Velodrome implements two governance mechanisms to direct the emission rate of the VELO token. The SimpleEpochGovernor allows a trusted EOA or MultiSig to change the emission rate, and the EpochGovernor implements a system where stakers of VELO in the Velodrome protocol can vote on how to change the emission rate.
"Velodrome Finance is a next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as the liquidity hub for the Superchain."
With a tight schedule and an important release on the line, ChainSecurity exceeded our expectations, assembling multiple internal teams and delivering a thorough, accurate report that kept us on budget and on time. We couldn’t be happier or more confident working with their team..
Velodrome Contributors
Summary
The most critical subjects covered in our audit are soundness of the design, safety of arithmetics, and integration with concentrated liquidity oracles. Security regarding all aforementioned subjects is high.
In summary, we find that the codebase has a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Slipstream Dynamic Fee
Velodrome implements the Slipstream Dynamic Fee module. A fee module that integrates with the Slipstream Concentrated Liquidity AMMs to provide the pools with dynamic fees which depend on market volatility.
"Velodrome Finance is a next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as the liquidity hub for the Superchain."
With a tight schedule and an important release on the line, ChainSecurity exceeded our expectations, assembling multiple internal teams and delivering a thorough, accurate report that kept us on budget and on time. We couldn’t be happier or more confident working with their team..
Velodrome Contributors
Intmax implements two specialized libraries for use in Intmax2 ZKP: Plonky2 BN254 for scalar multiplication on the bn254 curve with additional utility functions and Plonky2 Keccak, a circuit gadget that calculates keccak256 hashes compatible with Solidity.
The most critical subjects covered in our audit are soundness and completeness. Before the intermediate report, several missing constraints allowed proving arbitrary statements:
• Padding Filter Allows Bypassing STARK Constraints
• Missing Constraints for Some starting values of STARKs
For details and further issues, please refer to the detailed issue description in the report. No issues were uncovered in Plonky2 Keccak.
After the intermediate report all issues have been resolved. In summary, we find that the Plonky2 Keccak256 and Plonky2 BN254 codebases provide a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Summary
The most critical subjects covered in our audit are functional correctness, integration with Arrakis Modular and external systems, asset solvency and precision of arithmetic operations. The general subjects covered are specification, gas efficiency, and trustworthiness.
The most significant findings are:
• Array manipulation during iteration
• Bad rounding
• Manager fee collected multiple times
• Token allowance abuse during module change
The first three items have been corrected through code corrections while the risk for the last one has been accepted. Note that other lower severity issues have been partially corrected or acknowledged.
It is also worth noting that the project is subject to certain roles that are not fully trusted and can, theoretically, extract small parts of the liquidity in discrete timer intervals. See Possibilities of executors to drain funds for details.
In summary, we find that the codebase provides a good level of security, although it depends on the correct usage by trusted accounts.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Arrakis Uniswap V4 Module
Arrakis Finance implements modules integrating with Uniswap V4 for Arrakis Modular. That allows managers to manage a vault's liquidity on Uniswap V4.
"Arrakis is web3's trustless market making infrastructure protocol that enables running sophisticated algorithmic strategies on Uniswap V3. Liquidity providers can utilize Arrakis Vaults to have their liquidity be managed in an automated, capital efficient, non-custodial and transparent manner."
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO DSS Vest
Client implements DssVest, an abstract contract for creating vesting plans, with concrete implementations defining payout methods (mintable, transferable, suckable). In this latest version, DssVestSuckable has been refactored to support USDS.
Summary
The most critical subjects covered in our audit are functional correctness, access control and frontrunning resistance.
In a production setting, Deployment verification is strongly recommended.
While Foundry does not atomically perform deployment, no frontrunning possibilities have been found.
The current state of the deployment and initialization scripts shows a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO - Endgame Toolkit Deployment Scripts
MakerDAO implements a toolkit for SubDAO governance including a governance token, a proxy contract for governance spell execution and a reward farming contract. This audit report reviews the security and correctness of the corresponding deployment scripts.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness and precision of arithmetic operations. Security regarding all the aforementioned subjects is high. After the intermediate report all issues have been resolved.
The general subjects covered are specification, gas efficiency, and trustworthiness. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO Sparklend advanced
MakerDAO implements two new price oracles that can be used within the SparkLend protocol, one has a fixed price and the other has a capped price. In the extended scope, two interest rate strategies have been added. One sets the base rate using a rate source, while the other targets a specific rate at optimal utilization.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
Throughout the engagement, the communication and cooperation with the Curve and Yearn teams were excellent. The Curve team was responsive and provided the necessary information to conduct the audit efficiently. Besides the audit we also supported the Curve team with questions and feedback on the codebase.
The general subjects covered were proper use of Yearn vault, access control, and correct accounting.Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security. Yet, it is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Curve scrvUSD
Curve adopted Yearn's vault to distribute rewards to crvUSD holders that deposit their tokens in the vault. The rewards' origin from fees generated by Curve's stablecoin system. If the vault registers a profit, the profit is paid to the users over time by issuing shares to the vault backed by the profit and burning these shares over time.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
We appreciate ChainSecurity for their very deep and thoughtful analysis!
Michael Egorov, CEO @ Curve Finance
.png)
Summary
The most critical subjects covered in our audit are integration with external protocols, DoS possibilities and functional correctness. The general subjects covered are upgradeability, gas efficiency and event emissions.
The most significant findings Broken clisBNB withdrawals and DoS by Donation have been corrected through code correction.
In summary, we find that the codebase provides a good level of security.
Moreover, we would like to highlight that it is necessary to make the assumptions described in Integration with Lista DAO to reliably integrate with the Lista DAO protocol. Failure to meet these assumptions could put Kernel user funds at risk.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Kernel Smart Contracts
Kernel DAO provides a token staking system that manages user assets within designated vaults. The contracts are upgradeable and form the basis for the development of a restaking protocol that KernelDAO ultimately plans to implement.
"Kernel is a premier restaking protocol maximizing staked assets' potential."
ChainSecurity set the gold standard with their meticulous and professional approach to auditing Kernel. Their in-depth analysis and unwavering attention to detail ensured every facet of our protocol was scrutinized and fortified. This audit is a testament to our shared commitment to top-tier security, solidifying Kernel’s standing as a reliable force in the industry. Kudos to the ChainSecurity team for their stellar work!
Dheeraj Borra, Founder
.png)
Summary
The most critical subjects covered in our audit are functional correctness and accounting correctness.
Functional correctness has been improved, as the new liquidation mechanism could interfere with the existing one, see buyExpiredCollateral Can Disincentivize Challenging. Additionally, the minimum collateral requirement for positions was not enforced, see Minimum Collateral Can Be Partially Withdrawn. Accounting correctness was improvable, as bad debt was not accounted correctly, see forceSale Does Not Account for Bad Debt.
The general subjects covered are specification and trust model. Specification is improvable, as the only specification provided was in the form of code comments. Security regarding the trust model is high, as the system still relies on the same trust model as the original Frankencoin contracts, with no additional trusted roles.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Frankencoin v2024
Frankencoin implements extensions to the already deployed Frankencoin stablecoin system. The extensions include a MintingHub with variable interest rates, a PositionRoller that enables flashloans, and a Savings module. The contracts must be accepted as Minters by Frankencoin Governance to become usable.
“Frankencoin is a collateralized, oracle-free stablecoin that tracks the value of the Swiss franc. Its strengths are its decentralization and its versatility.”
The audit was excellent! Very well done!I'm impressed with how quickly ChainSecurity's software engineers developed a deep understanding of the Frankencoin system and with their meaningful inputs to harden its mechanics.
Luzius Meisser, Inspirer, Frankencoin
Summary
The most critical subjects covered in our audit are functional correctness, the isolation of the adapter from the rest of the system, and the correct integration with the external system. The isolation of the adapter was improved in response to BatchTrade Should Revert On Error. Security regarding all aforementioned subjects is high.
Some notes on the external system’s behavior can be found in Replayable TradeSigner Signature and Rebasing Tokens with Transfer Loss are Not Supported.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme 31Third Adapter
31Third implements an adapter for Enzyme, which allows batch trades using the 31Third protocol. The adapter was made possible through an Enzyme grant to 31Third.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
The most critical subjects covered in our audit are integration with the Velodrome superchain system, cross-chain compatibility, and gauge liquidity accounting. The security of all aforementioned subjects is high, after some of the issues uncovered by ChainSecurity were properly addressed.
The general subjects covered in our audit are ABI compatibility of similar contracts, address collisions, correct deployment of pools and gauges. The security of all aforementioned subjects is high. Possibility of address collisions are discussed in the note Attackers can in the future generate address collisions.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Velodrome Superchain Slipstream
Velodrome implements Superchain Slipstream, a Superchain extension of the Velodrome Slipstream concentrated liquidity pools and liquidity mining incentives. Superchain Slipstream allows deploying Concentrated Liquidity pools and gauges on Leaf chains, chains which are part of the Optimism Superchain ecosystem. The Leaf chain gauges will receive rewards for Liquidity Providers in the form of Velodrome emissions bridged from the Root chain (OP Mainnet).
"Velodrome Finance is a next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as the liquidity hub for the Superchain."
With a tight schedule and an important release on the line, ChainSecurity exceeded our expectations, assembling multiple internal teams and delivering a thorough, accurate report that kept us on budget and on time. We couldn’t be happier or more confident working with their team..
Velodrome Contributors
Summary
The most critical subjects covered in our audit are functional correctness and access control. General subjects covered are gas efficiency and trustworthiness. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Symbiotic Burners Smart Contracts
In this iteration we reviewed the new BurnerRouter and its corresponding BurnerRouterFactory. BurnerRouter is a contract that allows for the redirection of slashed collateral tokens to configurable addresses. It provides the flexibility to change and configure the receiver of slashed tokens.
Reliable and predictably great quality of analysis maintained for years and years now. As close as you can get to “set and forget” with audits.
Misha Putiatin, Co-Founder Symbiotic
Summary
The most critical subjects covered in our audit are LP token price manipulation by unprivileged users, price manipulation by privileged users, and decimal precision in mathematical operations. For all aforementioned subjects, the security is high.
The general subject covered by this audit is the integration of SafeguardPool LP tokens as collateral in Euler lending markets. Regarding this subject security is good, but as seen in Potentially significant underpricing in Some Scenarios, the price returned by the oracle is only a lower bound on the value of the LP tokens. Users whose positions are collateralized by SafeguardPool LP tokens should be aware of the pricing mechanism.
Since the price returned by the oracle is a lower bound, ChainSecurity reminds future users of SwaapSafeguardOracle that it can only be used to price the collateral of lending markets, and never the borrowable token.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Swaap v2 Euler Adapter
Swaap Labs implements SwaapSafeguardOracle, a price feed that integrates in the Euler Price Oracles system to allow using Liquidity Tokens of Swaap SafeguardPool as collateral in Euler vaults.
We have collaborated with ChainSecurity on four occasions, and their findings and reports have consistently been thorough and insightful. Their unmatched expertise proved invaluable during complex integrations across different projects. We look forward to continuing our partnership with them in the future.
Christian Dahdah, Senior Protocol Engineer
.png)
Summary
The most critical subjects covered in our audit are functional correctness, access control and front-running prevention. Security regarding all the aforementioned subjects is high. However, one minor issue was found, that might endanger the system, if access control restrictions are ever softened, see CreateX entropy bit limit.
The general subjects covered are code complexity, upgradeability and unit testing. Code complexity is low due to the use of standard libraries and good readability. Security regarding Upgradeability is good. Testing is good, but the compiler version is not fixed for tests and deployment, see Floating pragma version.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Velodrome Superchain
Velodrome Superchain is an extension of existing Velodrome V2 Optimism reward mechanics to other networks within the Optimism Superchain ecosystem. Deployments on all leaf chains are managed from the Optimism mainnet Root chain, via Hyperlane bridge infrastructure.
"Velodrome Finance is a next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as the liquidity hub for the Superchain."
With a tight schedule and an important release on the line, ChainSecurity exceeded our expectations, assembling multiple internal teams and delivering a thorough, accurate report that kept us on budget and on time. We couldn’t be happier or more confident working with their team..
Velodrome Contributors
Summary
The most critical subjects covered in our audit are callback handling, nested operations, nonce processing, and slippage protection in swaps. Security regarding all aforementioned subjects is high. The unexpected slippage caused by accumulation of deviations of oracles, described in RecurringSwap Oracle deviations contributing to slippage, has been acknowledged as part of the behavior of the system, and properly documented.
All the issues raised have been satisfactorily addressed by Legend Labs, however a QuarkWallet is designed to execute arbitrary code in the context of a user's wallet through delegatecall. Script developers must understand the core mechanics of the Quark wallet before integrating with it, and Legend Labs should safeguard users against blind-signing malicious payloads by providing appropriate tooling to inspect wallet operations.
In summary, we find that the Quark codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Legend Labs Quark V2 and Quark Scripts
Legend Labs implements Quark v2, a smart contract wallet that enables accounts to run arbitrary scripts, Legend Labs also provides a suite of scripts to facilitate wallet operation and interact with DeFi systems. This audit follows our first audit of Quark, which can be found here. The new system implements an updated version of nonce control and state isolation, and introduces transient storage.
Summary
The most critical subjects covered in our audit are functional correctness and precision of arithmetic operations. The general subjects covered are documentation, unit testing and gas efficiency. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Spark PSM
SparkDAO implements a peg stability module that supports three assets - two stable coins (USDC and USDS) and one yield-bearing wrapped stablecoin (sUSDS). That is intended to both stabilize the peg and offer liquidity on L2s.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
.png)
Summary
The most critical subjects covered in our audit are the security of the funds and the liveness and correctness of the bridging process. Only minor issues were uncovered. Security regarding all the aforementioned subjects is high.
The general subjects covered are the efficiency of the implementation, centralization, specification, documentation, and testing. The efficiency of the implementation could be improved in some cases. The centralization of the system is very high. This means that the admins of the system are in full control of the funds on the bridge and Tron. Specification and documentation are sufficient as well as unit testing.End-to-end testing seems to not be sufficient. This is particularly important given that TronVM might differ from Ethereum in unexpected ways.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Tron-peg USD Coin (USDC)
JustCrypto launches a Tron-peg USDC token on Tron Chain and implements a bridge between Ethereum and Tron to allow users to transfer USDC between the two chains. Users' assets are locked on TronUSDCBridge contract controlled by TronUSDCBridgeController. An operator of the bridge then mints an appropriate amount of USDC on Tron. Tron USDC is controlled by the USDCController.
Summary
The most critical subjects covered in our audit are security, functional correctness and seamless integration with the existing system. While security regarding all the aforementioned subjects is high, this report contains some notes about the proper use of the contracts. The most significant finding discusses Precision Loss in rewardRate Calculation.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Maker EndGame Toolkit
In the latest version, reviewed changes were made to the StakingRewards contract: updating the rewards duration can now be done during an active distribution. Furthermore the constructor now features an additional check to prevent an unsupported configuration. Overall the endgame-toolkit offers a new governance token for SubDAO-level governance, a SubProxy for executing governance delegatecalls and a farming module allowing stakers to earn rewards.
--
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness, access control and the integration with Arbitrum's messaging infrastructure. The general subjects covered are error handling, trustworthiness and specification. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Arbitrum Token Bridge
MakerDAO implements a custom token bridge between Ethereum and Arbitrum that supports the bridging of multiple tokens.
"The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
MakerDAO implements a custom token bridge between Ethereum and L2s based on the OP stack.
The most critical subjects covered in our audit are functional correctness, access control and the integration with the OP stack's messaging infrastructure. The general subjects covered are error handling, trustworthiness and specification. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO OP Token Bridge
MakerDAO implements a custom token bridge between Ethereum and L2s based on the OP stack.
"The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are functional correctness, and access control. Security regarding all the aforementioned subjects is high.
The audit did not uncover any issues.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Sulu AaveV3 Flashloan
Enzyme Foundation implements a smart account for AaveV3 flash loans. Only flash loans with interestRateMode 0 can be performed, enforcing the flash loan to revert if not payed back directly.
Summary
The most critical subjects covered in our audit are functional correctness, access control and front running resistance.
Security regarding all the aforementioned subjects is high. A missing sanity check (see Rate is not validated) has been added.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO Sky Deployment Scripts
MakerDAO implements a governance token and an exchange contract for exchanging MKR against the new token in a predefined ratio. This audit report reviews the security and correctness of the corresponding deployment scripts.
--
"The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are functional correctness, security of the assets and the proxy/upgradability pattern. Security regarding all the aforementioned subjects is high.
The general subjects covered include the specification, adherence to the ERC standards and optimisations.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO Savings USDS
MakerDAO implements Savings USDS, a tokenized implementation of a savings rate for USDS.
"The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are security, functional correctness and seamless integration with the existing system. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About USDS Smart Contracts
MakerDAO introduces a new stablecoin token (USDS, rebranded DAI) along with a permissionless converter for 1:1 conversions between DAI and USDS. The USDS is an ERC-20-compliant token, and the converter, DaiUsds, enables seamless exchanges. The project also features UsdsJoin, which is the USDS equivalent of DaiJoin.
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are denial of service, correct access control and correct usage of the new Vyper modules. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Curve Fee Splitter
Curve implements fee splitter to distribute fees (in crvUSD token) from the crvUSD stablecoin markets to different recipient according to configured weights.
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
We appreciate ChainSecurity for their very deep and thoughtful analysis!
Michael Egorov, CEO @ Curve Finance
Summary
The most critical subjects covered in our audit are functional correctness, asset solvency and cross-chain messaging. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity and specification.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO OP Farms Smart Contracts
MakerDAO implements a mechanism to distribute rewards originating from a source on Ethereum L1 to afarm contract on OP Stack L2s.
"The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are asset solvency and front-running resistance. Security regarding all the aforementioned subjects is high.
The general subjects covered are gas efficiency, code complexity, and documentation. Security regarding all the aforementioned subjects is satisfactory, but can be improved, see Franchiser.subDelegateMany() Modifier Called in a Loop and Inaccurate NatSpec.
In summary, we find that the codebase provides a high level of security. No issues were identified that would pose a significant risk to the system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Uniswap Franchiser smart contracts
Uniswap Foundation implements a Franchiser system, that allows multi-level delegation of UNI tokens' voting power.
"The Uniswap Foundation is dedicated to building a self-sustaining community that contributes to the future growth of the Uniswap Protocol. We have strategically designed our grants program to create a long-lasting ecosystem made up of developers, researchers, and governance contributors. We strive to create shared ownership for our entire community and work with them to define the future of DeFi’s most important protocol."
Summary
SparkDAO implements cross-chain oracles for the Sky Savings Rate where update messages are sent to L2s from Ethereum Mainnet.
The most critical subjects covered in our audit are functional correctness, access control and message passing.
The general subjects covered are code complexity and specification.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Spark XChain DSR Oracle
SparkDAO implements cross-chain oracles for the Sky Savings Rate where update messages are sent to L2s from Ethereum Mainnet.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness and the correct integration into the existing D3M v2 system.
The general subjects covered include the consistency of the codebase. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO D3M AaveV3 USDS Pool
MakerDAO has implemented a new component for the existing D3M v2 system: a pool supporting USDS deposits into Aave V3-like protocols without supply caps, such as SparkLend.
"The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are functional correctness, access control and frontrunning resistance.
Security regarding all the aforementioned subjects is high. Some Missing checks introduced small problems but these have been fixed / will be fixed as soon as it is possible.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDao Allocator Deployment Scripts
MakerDAO implements an allocation system for funding certain SubDAOs of the MakerDAO ecosystem with USDS. This audit report reviews the security and correctness of the corresponding deployment scripts.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
MakerDAO implements a token allocation system for AllocatorDAOs which consists of a core, a funnel and an automation layer.
The most critical subjects covered in our audit are asset solvency, access control and functional correctness. Security regarding all the aforementioned subjects is high.
The general subjects covered are specification and integration with 3rd party systems. All the aforementioned subjects are covered well.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Makerdao – DSS allocator
MakerDAO implements a token allocation system for AllocatorDAOs which consists of a core, a funnel and an automation layer.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are frontrunning, effect of withdrawal delays, and jumps in value because of slashings. Security regarding all the aforementioned subjects is high.
The general subjects covered are accounting of assets, and correct integration. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Swell Symbiotic-Aera Adapter
Swell implements Symbiotic-Aera Adapter, an adapter smart contract that allows the Aera treasury management protocol to deposit funds in the Symbiotic restaking protocol. Swell intends to use this within the scope of the swBTC project, to allocate WBTC to Symbiotic through a managed Aera vault.
--
"Swell is a non-custodial staking protocol with a mission to deliver the world’s best liquid staking and restaking experience, simplify access to DeFi, while securing the future of Ethereum and restaking services."
ChainSecurity delivered a prompt and highly professional audit of our swBTC restaking vault. Their quick response, thoroughness, and attention to detail have greatly enhanced the trust in our product. We’re eager to collaborate with them again in the future.
Chris Matthias, Head of Operations
Summary
Swell Finance implements a BTC LRT aiming to be compatible with any restaking protocol to allocate to the best AVS's across multiple platforms. The system is built off YearnV3's robust Vault Codebase.
The most critical subjects covered in our audit are the functional correctness of the delayed withdrawal module and the correct integration of Yearn's VaultV3 and tokenized strategy systems. Security regarding all the aforementioned subjects is extensive.
Other general subjects covered are access control and interactions with the Aera vault. Security regarding all the aforementioned subjects is high.
The test coverage is minimal and should be improved to ensure that all code paths and features are tested.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About swBTC Smart Contracts
Swell Finance implements a BTC LRT aiming to be compatible with any restaking protocol to allocate to the best AVS's across multiple platforms. The system is built off YearnV3's robust Vault Codebase.
"Swell is a non-custodial staking protocol with a mission to deliver the world’s best liquid staking and restaking experience, simplify access to DeFi, while securing the future of Ethereum and restaking services."
ChainSecurity delivered a prompt and highly professional audit of our swBTC restaking vault. Their quick response, thoroughness, and attention to detail have greatly enhanced the trust in our product. We’re eager to collaborate with them again in the future.
Chris Matthias, Head of Operations
Summary
The most critical subjects covered in our audit are functional correctness and security. The general subjects covered include usability, gas efficiency, and documentation.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO USDS Wrappers
MakerDAO implements a permissionless wrapper to swap USDS using the PSM-lite.
--
"The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
SparkDAO implements a contract that batches actions of the PSM and the savings token. Additionally, a helper contract for migrating from DAI or sDAI to USDS or sUSDS has been implemented.
The most critical subjects covered in our audit are functional correctness and precision of arithmetic operations. Security regarding all the aforementioned subjects is high.
The general subjects covered are unit testing and documentation. Both are good. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Spark User Actions
SparkDAO implements a contract that batches actions of the PSM and the savings token. Additionally, a helper contract for migrating from DAI or sDAI to USDS or sUSDS has been implemented.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
Summary
The most critical subjects covered in our audit are functional correctness, access control and frontrunning resistance.
Security regarding all aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO UniV2 Migration Deployment Scripts
MakerDAO implements a migration script that moves MakerDAO’s DAI/MKR Uniswap v2 LP position to a new USDS/SKY pool.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are access control, asset solvency, functional correctness, and the impact of the change on the existing system. An issue with functional correctness was identified, where Splitter.cage() did not lock the Splitter completely (see Splitter.cage() does not lock theSplitter). After the intermediate report, this issue has been resolved.
The general subjects covered are specifications correctness, optimizations, and soundness of the deployment and initialization scripts. The specification of babylonian.sqrt() was inaccurate (see Incorrect specification). The checks in the initialization scripts could be further enhanced (see Missing check for bump and Missing check of reward token on farm contract). All the issues have been resolved and security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About MakerDAO DSS Flappers
MakerDAO has implemented new contracts to process the surplus of the stablecoin system. A new Splitter contract divides the surplus between a burning engine (Flapper) and a reward farm. Flapper contracts interact with UniswapV2, exchanging USDS for Gem tokens, with two variants:FlapperUniV2SwapOnly fully converts USDS to Gem, while FlapperUniV2 adds liquidity to the pool.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness and resistance to oracle manipulations. The contracts are functionally correct and are, in most cases, resistant against oracle manipulations under the assumptions that:
- Curve's price_oracle() cannot be manipulated to a lower value during a maximum of 2 blocks.
- Curve pool imbalances are efficiently arbitraged every block
- CryptoPoolOracle is not used for StableSwap pools.
- The underlying Curve pools experience regular usage.
However, some certain edge conditions can enable oracle manipulation attacks that are able to extract value: Oracle manipulation during withdrawal. Conic, for now, accepts this risk and tries to find an optimal solution.
In summary, we find that the codebase provides an improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Conic Crypto Pool Update
Conic implements a new oracle for pricing LP tokens of Curve Crypto pools. Additionally, Conic implements a new contract for determining the share of CNC rewards that is distributed to each Conic pool.
“Conic Finance is an easy-to-use platform built for liquidity providers to easily diversify their exposure to multiple Curve pools. Any user can provide liquidity into a Conic Omnipool which allocates funds across Curve in proportion to protocol controlled pool weights.”
Conic's V2 audit by ChainSecurity was exceptional. Their thorough analysis revealed complex edge cases, providing invaluable insights that exceeded our expectations and underscored our commitment to providing the highest level of security.
C-3PO
Summary
The most critical subjects covered in our audit are correct implementation of interfaces, external calls, as well as decimals usage. Security regarding all the aforementioned subjects is high.
The audit did not uncover any issues.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Enzyme Sulu Extensions XX
Enzyme Foundation implements two new Enzyme price feeds: a primitive price feed that converts ynETH (YieldNest ETH) to ETH and a derivative price feed that converts Stader SD tokens to ETH.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
The most critical subjects covered in our audit are correctness of the proxy upgrade and the overall functional correctness. Security regarding both subjects is high after Storage Collisions have been mitigated.
The documentation of the codebase is improvable.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About POL TransitionSmart Contracts
Polygon implements several changes to the Polygon ecosystem that consolidate the transition to the POL token, the native token for Polygon 2.0 and the successor to the MATIC token.
--
“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”
With their in-depth analysis and diligent approach, ChainSecurity has proven a reliable partner, keeping security standards high when it comes to our most critical infrastructure here at Polygon.
Simon Dosch, Smart Contract Lead, Polygon
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
Summary
Due to the complexity of Java-Tron and the limited allocated time, this review cannot uncover all the bugs inside of it. Instead, the goal of this review was to uncover as many bugs as possible while focusing on the following parts of the code:
• Tron Virtual Machine (TVM)
• Consensus
• Peer-to-Peer (P2P)
Some of the most significant findings are:
• PBFT Messages Create State Expansion
• Unpermissioned Censoring of Fork Blocks
• Resource Consumption by Blocks Not Signed by Witnesses
These three findings have all been addressed through code corrections. For some other issues, the risks have been accepted based on the assumption of economically acting super representatives. Lastly, some issues with non-critical severity have been redacted to prevent malicious actors from creating disturbances.
It is important to note that such reviews are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Java-Tron
Tron uses Java-Tron as the node software to run the Tron network. Hence, Java-Tron is (among other things) responsible for executing transactions, generating blocks, achieving consensus and operating the peer-to-peer network.
"TRON is dedicated to accelerating the decentralization of the Internet via blockchain technology and decentralized applications (DApps)."
ChainSecurity has proven to be a helpful platform for the TRON DAO, providing us with comprehensive security assessments that reinforce the strength and integrity of the TRON network. Their attention to detail has bolstered trust and confidence from our users in the TRON ecosystem. ChainSecurity’s unparalleled expertise continues to play a vital role in helping us uphold the highest standard of security.
Sam Elfarra, Community Spokesperson
Summary
The most critical subjects covered in our audit are correct implementation of interfaces, external calls, as well as decimals usage. Security regarding all the aforementioned subjects is high.
The audit did not find any issues.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Enzyme Sulu Extensions XIX
Enzyme Foundation implements a new Enzyme price feed that converts wstETH to ETH.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
The most critical subjects covered in our audit are functional correctness, asset solvency and Enzyme's integration with the external system.
Functional correctness did not hold due to claimable collateral that might have been tracked incorrectly. For details please refer to the issue: Overestimation of Claimable Collateral in getManagedAssets. Further, the position's value could have been temporarily decreased by hiding value in the execution fee, which was not accounted for when evaluating the external position's total value: ExecutionFee of Orders in getManagedAssets.
After the intermediate report, all issues have been resolved.
During the assessment period, it became apparent that the technical documentation for GMX V2 lacks key information. As a result, our in-depth understanding of the external system was primarily derived from analyzing the available source code.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Enzyme Sulu Extensions XVIII
Enzyme Foundation implements a new external position for GMX V2. Supported orders are MarketIncrease, MarketDecrease (to modify long or short positions), StopLossDecrease (to set stop loss) and LimitDecrease (to set take profit). Additionally, a new policy DisallowedAdapterIncomingassetsPolicy has been implemented.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
The most critical subjects covered in our audit are functional correctness, asset solvency, arithmetic operations and oracle safety.
Generally, functional correctness is good. However, note that there are some low-severity issuesregarding functional correctness. Security regarding the remaining subjects is high.
The general subjects covered are gas efficiency, trustworthiness, error handling and specification.Security regarding all the aforementioned subjects is good. However, specifications could be improved,see Initial Liquidity Mismatches Whitepaper and Mismatches With EIP-5115.
In summary, we find that the codebase provides a good level of security. Also, note that the security ofSYs is highly dependent on the more derived implementation which was out of scope. Further, note thatthe scope only includes the base SY implementation, PY V1 and markets V1. Please see AssessmentOverview, Trust Model and Roles, and Notes.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Pendle V2 Core
Pendle Finance implements a yield tokenization platform along with an interest rate market. The products are built on top of each other and use the implementations of the standardized yield standard as a baselayer.
"With Pendle, you can always maximise your yield: increase your yield exposure in bull markets and hedge against yield downturns during bear markets."
ChainSecurity was a pleasure to work with—exceptionally easy to coordinate with and delivering an audit of the highest quality. Their meticulous attention to detail truly set them apart, making the entire process smooth and efficient.
Long Vuong Hoang, Head of Engineering
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness and integration with external systems and Enzyme's core system. Security regarding all the aforementioned subjects is high.
The general subjects covered are error handling, specification and trustworthiness. Security regarding all the aforementioned subjects is high. Note that the trust model for using GSN slightly changed, see the note Gas relay paymaster will fund arbitrary calls.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Enzyme Sulu Extensions XV
Avantgarde Finance implements a price feed for EETH and a wrapper for Chainlink-like oracles with non-standard decimals. Additionally, the GSN integration is adapted. A new policy restricting redeem-for-specific-assets is introduced along with a peripheral FIFO contract that can redeem-for-specific-assets. Further, an asset manager contract is introduced that limits the share price loss an asset manager can cause. For integrations, a Pendle Finance external position and a Swell adapter are introduced.
---
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)