The most critical subjects covered in our audit are asset solvency, functional correctness and security. Security regarding all the aforementioned subjects is high.
The general subjects covered are documentation, gas efficiency and the integration of the wrapper into the existing system. All reported issues have been addressed in the latest version of the codebase.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
M^ZERO Labs implements an upgradable, non-rebasing wrapper for the M token, supporting yield accrual while respecting the original whitelist of earners.
The most critical subjects covered in our audit are functional correctness, role management and front-running tolerance.
Security regarding the aforementioned subjects is high as only minor issues could be uncovered during this review.
It should be noted that the protocol design is very open, allowing various participants to create registered smart contracts with configurations that can potentially be dangerous. For this reason, it is advised to take special care when trusting any vaults, networks and operators.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
SymbioticFi implements a security layer for restaking. Deposited tokens can be assigned to operators running node software of networks. The assigned tokens are guaranteed to be slashable by networks in case of operator misbehavior.
Reliable and predictably great quality of analysis maintained for years and years now. As close as you can get to “set and forget” with audits.
Misha Putiatin, Co-Founder Symbiotic
The most critical subjects covered in our audit are functional correctness, asset solvency and cross-chain messaging. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity and specification.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
MakerDAO implements a mechanism to distribute rewards originating from a source on Ethereum L1 to a Farm contract on Arbitrum L2.
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
The most critical subjects covered in our audit are the isolation of the pools, asset solvency and functional correctness.
The general subjects covered are usability, oracle security, access control, adherence to the specification and general design issues.
All issues uncovered during the review process have been addressed with suitable fixes. We believe the codebase to have a satisfactory level of security. The high complexity and extensibility of the project present a large attack surface. VESU internally relies primarily on one smart contract developer which, even though supported by external reviewers, limits the ability for internal QA. During the audit timeline, significant improvements in design and overall code quality have been achieved, but some novel issues and regressions remained present during the last review cycle. In our experience, these factors combined present an elevated risk of undiscovered vulnerabilities in the current codebase.
Continuing to allocate sufficient time and resources, strengthening the robustness of the design, and introducing internal security-focused quality assurance practices such as thorough unit- and regression-testing can significantly increase the level of security of the codebase and our confidence in it.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
VESU implements a fully permissionless DeFi lending protocol. Anyone can deploy and configure a pool. A core contract called Singleton holds all funds and manages all pools. All operations go through the Singleton; each pool has an extension, which is called before/after any operation and defines the values for the operation. A default extension is provided; arbitrary extensions and/or misconfigured parameters can break their respective pools without affecting the rest of the protocol.
The most critical subjects covered in our audit are access control and functional correctness. The general subjects covered are unit testing, specification and trustworthiness. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
SparkDAO implements a relay for governance actions that allows for the execution of governance proposals across chains.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
The most critical subjects covered in our audit are integration with the supported bridges, access control and functional correctness. The general subjects covered are unit testing, documentation and trustworthiness. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
SparkDAO implements a library for cross-chain message passing along with contracts able to receive cross-chain messages.
"Spark is on a mission to empower the DAI ecosystem. As part of the MakerDAO community, Spark builds and manages DeFi infrastructure."
ChainSecurity has been consistently thorough in their reviews, reliable and accommodating in our time working with them.
Lucas Manuel, Co-founder at Phoenix Labs, working on Spark
Spacing Guild implements an ecosystem of private and public vaults with strategies managed by the Arrakis backend. The vaults use so-called modules to integrate with a third-party system to implement the strategies. Currently, the only available module is an integration with Valantis HOT.
The most critical subjects covered in our audit are asset solvency, functional correctness and precision of arithmetic operations. Security regarding all the aforementioned subjects is good.
The general subjects covered are code complexity, gas efficiency, testing, and trustworthiness. Security regarding all the aforementioned subjects is satisfactory. However, the review brought to light the lack of thorough and meaningful testing: basic unit tests are done, but some of the bugs uncovered during the review could have been caught by proper end-to-end testing, see Rebasing Tokens Can Cripple the Functionality of Vaults and RouterSwapExecutor Cannot Swap to Native Token. We encourage Spacing Guild to implement a more complete test suite.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
"Arrakis is web3's trustless market making infrastructure protocol that enables running sophisticated algorithmic strategies on Uniswap V3. Liquidity providers can utilize Arrakis Vaults to have their liquidity be managed in an automated, capital efficient, non-custodial and transparent manner."
The most critical subjects covered in our audit are functional correctness, asset solvency and the correct adherence to the MakerDAO specifications. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, interaction with third party systems and the documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Maker implements a gas-efficient Peg Stability Module (PSM) where users can freely swap Dai for stablecoins.
---
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are functional correctness, precision of arithmetic operations, and front-running.
Front-running protection has improved, as there was previously missing slippage protection, see Stop-Loss missing slippage protection. Functional correctness has improved, as swaps could previously fail on external markets, see Position Can Become Impossible to Close Due to Zero Swaps. Precision of arithmetic operations has been improved as there were previously rounding issues when providing liquidity, see Inflation Attack on Newly Added Tokens.
The general subjects covered are specification and gas efficiency.
The specification has improved, as the changes made during the fixes review process make the system more robust than it was previously, see Large Liquidations Can Fail. Gas efficiency has improved, as there were a large number of unnecessary storage writes and reads in the margin dex contract, see Reading Unused Values from Storage in MarginDex.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Unstoppable offers a margin trading platform that leverages the existing liquidity of decentralized exchanges (DEXs).
---
"Unstoppable is on a mission to render centralized platforms obsolete by providing a comprehensive permissionless alternative for every CEX feature."
The most critical subjects covered in our audit are the usage of transient storage and functional correctness. Functional correctness is improvable due to incorrect data being written, see Aave V3 actions bad data written. Additionally, there could be reentrancy scenarios in bad setups, see Reentrancy Into the Contract. In case governance is untrusted, governance could add contracts such that this could be exploited. Further, the design is improvable due to Collisions on Operations.
The general subjects covered are documentation, trustworthiness and gas efficiency. Documentation is improvable, see Unclear actions setup. Trustworthiness is satisfactory. However, it is improvable, see the paragraph above.
In summary, we find that the codebase provides a satisfactory but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Summer.fi implements updates to the DeFi Modular (DMA) Actions v2 architecture to support the usage of transient storage. See the previous report for reference.
---
“Summer.fi mission is to provide the best and most trusted entry point to deploy your capital. We are building Summer.fi to let our users benefit from all of the potential in DeFi. Our team is made of passionate thinkers and builders.”
We continue to be grateful for the comprehensive audits by the ChainSecurity team. Their distinctive understanding of the DeFi space brings an unmatched level of confidence to the audits they employ for us. We are looking forward to continuing working together to bring DeFi forward.
Frank Brinkkemper Product Manager @ Summer.fi
Limited code reviews are best-effort checks and do not provide assurance comparable to a non-limited code assessment. This review was not conducted as an exhaustive search for bugs, but rather as a best effort sanity check. Given the large scope and codebase and the limited time, the findings are not exhaustive.
During the review we were able to uncover a medium severity issue regarding function deduplication. More specifically, functions that are not functionally identical could be assumed as such. As a result, calls to some of them would be replaced with calls to another one.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Fuel implements various optimization passes for the IR. These aim to facilitate the bytecode generation that follows in the later steps of the compilation, as well as to improve the overall efficiency of the compiled program, both in terms of size and execution cost.
---
"Fuel is an operating system purpose-built for Ethereum rollups, designed to help developers build decentralized economies at scale".
The most critical subjects covered in our audit are functional correctness, access control and asset solvency. Security regarding all the aforementioned subjects is high.
The general subjects covered are gas efficiency, trustworthiness, and upgradeability. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Everstake implements a system to replace Everstake's core system in case of emergency. If, for any reason, the Everstake protocol becomes unhealthy, the implementation in their deployed proxies will temporarily switch to the corresponding Dummy contract until the issue gets addressed.
---
“Everstake is a responsible validator trusted by 625k+ users across 70+ blockchain networks. Created by engineers for the entire community in 2018”
We wish to express our heartfelt gratitude for the remarkable collaboration and interaction we have experienced with ChainSecurity in the context of the Everstake ETH B2C Staking solution audit. The ChainSecurity team has consistently demonstrated an extraordinary level of expertise and professionalism, elevating every interaction with them to a level of genuine enjoyment and unparalleled productivity.
Bohdan Opryshko & Sergey Vasylchuk, COO & CEO @ Everstake
The most critical subjects covered in our audit are the correctness of the accounting, asset solvency, access control and functional correctness. During the audit, the most important reported issues were:
• Replacing a Validator Eventually Blocks the System
• Usage of address(this).balance in restake Can Block the System, which requires Everstake to inject liquidity to correct the accounting if necessary.
The issues have been fixed during the second week of the audit.
Security regarding all the aforementioned subjects is satisfactory. Even though the probability of one of the validators getting slashed is low, slashing could occur. That would require manual, trust-based intervention, see Slashing is not taken into account and Trust Model.
The general subjects covered are documentation, unit testing, code complexity, and gas efficiency. Documentation has been greatly improved after Version 3. Unit testing and testing in general is basic; a good test suite will help ensure corner cases are considered.
In summary, we find that the codebase provides a satisfactory level of security, given the Trust Model. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Everstake implements a pooled staking service for Ethereum, where the rewards are reinvested in the pool and the validators are managed by Everstake.
---
“Everstake is a responsible validator trusted by 625k+ users across 70+ blockchain networks. Created by engineers for the entire community in 2018”
We wish to express our heartfelt gratitude for the remarkable collaboration and interaction we have experienced with ChainSecurity in the context of the Everstake ETH B2C Staking solution audit. The ChainSecurity team has consistently demonstrated an extraordinary level of expertise and professionalism, elevating every interaction with them to a level of genuine enjoyment and unparalleled productivity.
Bohdan Opryshko & Sergey Vasylchuk, COO & CEO @ Everstake
The most critical subjects covered in our audit are compliance with the specification, correctness of the arithmetic operations, and functional correctness. No major issues were uncovered. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Lido implements an improvement of the OracleReportSanityChecker which aims to mitigate the risk of malicious oracle daemons colluding and reporting excessive negative rebases of stETH.
“Lido is a liquid staking solution for ETH backed by industry-leading staking providers. Lido lets users stake their ETH – without locking assets or maintaining infrastructure – whilst participating in on-chain activities, e.g. lending.
Lido attempts to solve the problems associated with initial ETH staking – illiquidity, immovability and accessibility – making staked ETH liquid and allowing for participation with any amount of ETH to improve security of the Ethereum network.”
We are completely satisfied with this engagement. ChainSecurity team was very flexible about slot booking and provided deep code analysis with non-trivial findings.
I’ve asked around about this whole experience and everyone considers your work over the top, thank you so much! ❤️
Lido on Ethereum Contributors
Limited code reviews are best-effort checks and don't provide assurance comparable to a non-limited code assessment. This review was not conducted as an exhaustive search for bugs, but rather as a best-effort sanity check for the pull requests of interest. The review was executed by one engineer over two weeks. Given the large scope and codebase and the limited time, the findings aren't exhaustive.
The most critical subjects covered in our review are the functional correctness of the ABI decode routine, invalid memory and storage reads as well as correct handling of function exports. Several issues were found in the ABI decoding routine as shown in the issues ABI-decode incorrect checks for complex types head and ABI-decode incorrect checks for Dynamic array head and fixed in subsequent pull requests. Additionally, make_setter overlaps with static call presents an issue with an invalid read due to a read-after-write pattern.
It is important to note that security reviews are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
The following sections will give an overview of the system, our methodology, the issues uncovered and how they have been addressed. We are happy to receive questions and feedback to improve our service.
This review concentrated on multiple pull requests of the to-be-released version 0.4.0 of the Vyper compiler. The review focused on the ABI decode routine, recent fixes and new features such as function exports or transient storage integration.
---
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
The most critical subjects covered in our audit are the system's solvency, the precision and correctness of arithmetic operations and oracle manipulation resistance. We found that the security of the former two topics is high. Oracle manipulation resistance is high, especially since the BAMM does not rely on an oracle as a traditional lending protocol would; however, we emphasize the costs and risks of oracle manipulation in Oracle manipulation on FIFO L2s.
Other general subjects covered are rounding direction correctness and denial of service. We found that the rounding direction has generally been implemented correctly and only minor denial of service patterns were found and documented in Denial of Service against liquidations and Denial of Service against redeeming and executing actions.
Frax Finance has been very responsive to our findings and has addressed most of the issues we reported. The remaining issues are minor and do not pose a significant problem.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Frax Finance implements BAMM, a Borrow AMM, that wraps Frax swap LP tokens and allows users to borrow the two underlying assets of the pair.
"The Frax ecosystem is a self-sufficient DeFi economy utilizing stablecoins as currency."
The most critical subjects covered in our audit are liquidation rewards, functional correctness and precision of arithmetic operations.
Security regarding liquidation incentives is high; an unexpected peculiarity was identified where the system can incentivize liquidators to perform multiple partial liquidations instead of a single full liquidation (see Multiple partial Liquidations can result in higher than expected discount). Security regarding functional correctness and arithmetic precision is also high.
The general subjects covered are liveness, solvency, and access control. Security regarding all the aforementioned subjects is high.
During the review by ChainSecurity, issues identified by other concurrent auditors were disclosed before they could be found by ChainSecurity. Those issues are not included in the report, and we are unable to tell whether they would have been found or not.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Euler implements Euler Vault Kit, a system for building lending vaults where lenders can earn interest on their deposited assets and borrowers can borrow the deposited assets against collateral. The system is designed to be modular, allowing the creation of lending markets with flexible configurations.
---
Euler v2 is a modular lending platform with two main components at launch: 1) the Euler Vault Kit (EVK), which empowers builders to deploy and chain together their own customised lending vaults in a permissionless manner; and 2) the Ethereum Vault Connector (EVC), a powerful, immutable primitive which gives vaults superpowers by allowing their use as collateral for other vaults. Together, the EVK and EVC provide the flexibility to build or recreate any type of pre-existing or future-state lending product inside the Euler ecosystem.
ChainSecurity delivered an exceptional audit for our project. Their meticulous approach and quick responsiveness enhanced our security and provided crucial insights. We greatly appreciate their dedication and excellent communication throughout the process.
Erik Arfvidson, Head of Cybersecurity, Euler Finance
The most critical subjects in our audit are functional correctness, access control and the correct adaption of the existing Curve code. The general subjects covered are documentation and error handling.
In summary, we find that the codebase provides a good level of security.
Note that the audit focused on the diff with Curve. In case there is an issue in Curve, it might be present in the audited codebase in scope.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
DeFi.Money implements a stablecoin system based on Curve's LLAMMA architecture. The changes include architectural changes, aggregation of market data for efficiency and the introduction of hooks.
---
DeFi.Money is an agnostic stablecoin built for global order.
Source: https://defi.money/
The most critical subjects covered in our audit are access control, signature handling, functional correctness, gas griefing and front-running. Security regarding all the aforementioned subjects is satisfactory.
The general subjects covered are code complexity, trustworthiness, documentation and gas efficiency. The codebase is generally well written and includes inline comments that improve the readability of code. Contracts in scope are not upgradable and do not have privileged roles, hence providing a high level of trustworthiness.
The system offers flexibility and new features can be plugged in by scripts. We would like to emphasize that developers should carefully assess new scripts to avoid introducing vulnerabilities that can exploit users' wallets. Users should also carefully evaluate scripts and their parameters. Interacting with a malicious script or passing wrong parameters to a verified script could be enough to exploit a wallet.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Compound implements Quark Wallets, which is a system for account abstraction based on wallet contracts that can run arbitrary code (scripts), deployed by a special contract CodeJar. Users can then trigger actions from their wallets by executing scripts directly or signing messages according to the EIP-712 format.
---
“Compound is a protocol on the Ethereum blockchain that establishes money markets, which are pools of assets with algorithmically derived interest rates, based on the supply and demand for the asset. Suppliers (and borrowers) of an asset interact directly with the protocol, earning (and paying) a floating interest rate, without having to negotiate terms such as maturity, interest rate, or collateral with a peer or counterparty.
Each money market is unique to an Ethereum asset (such as Ether, an ERC-20 stablecoin such as Dai, or an ERC-20 utility token such as Augur), and contains a transparent and publicly-inspectable ledger, with a record of all transactions and historical interest rates.”
ChainSecurity has been an outstanding security partner who has earned our admiration and respect based purely on their technical competence and skill. They always go above and beyond to ensure their auditing is of the highest quality, and they are consistently excellent over the many projects we have done together.
Jared Flatow, VP of engineering
Limited reviews are best-effort checks, and do not provide assurances comparable to a non-limited code assessment. Note that only the differences between Gravita and Trinity were in scope, assuming Gravita is bug-free.
The most critical subjects covered are correct accounting, correctness of the liquidation and redemption mechanisms, and correctness of the fees and their distribution. Accounting correctness was improved, as the issue Vessel Fees Are Not Added to Global Debt was fixed. Correctness of the redemption and liquidation mechanism was low, see Redemptions Are Not Possible in Recovery Mode and Liquidations Are Not Disabled. In response to this, there was a major specification change during the review period. Correctness of the fees is improvable, see Borrowing fees are not applied before closing a vessel and Borrowing fees need to be triggered every epoch.
The general subjects covered are testing and documentation. Testing could be improved, as many functional issues were uncovered that could have been found through rigorous testing. Documentation could be improved, as some changes made are not yet documented in detail.
As the goal of this limited review was to provide time-bound security insights on a complex codebase in a limited time, and as a large number of issues were uncovered, we refrain from assigning a specific overall level of security to the codebase.
It is important to note that security reviews are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Trinity is a protocol designed to facilitate borrowing against yield-bearing collateral. Borrowers mint TRI, a dollar-based token that can be used to take leveraged T-Bill positions and capture Trinity protocol fees through staked TRI (sTRI).
The most critical subjects covered in our audit are functional correctness, access control and signature handling. Security regarding all the aforementioned subjects is high. The general subjects covered are code complexity, specifications, and trustworthiness. The codebase is well structured, and specifications are satisfactory. Each Argent account has a trusted owner that has the ultimate control of an account and sets the rules for recovery. If owners enable recovery functionalities, they can choose any party to serve as guardian for their account.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Argent implements Argent account and Multisig account, which are a set of smart contracts built on top of Account Abstraction of Starknet. Each Argent account is controlled by an owner who can use different signing methods to submit transactions to the account. The owner can set guardians to increase the security of their accounts, and help in recovery in case the private key is lost. Each Multisig is controlled by several signers, and a guardian can also be set for account recovery.
---
Argent is a self-custody smart wallet for Starknet with over 2 million downloads. Their smart wallets offer advanced security features, including 2FA, Fraud Protection, and no seed phrase. Argent's Starknet smart contract secures over half a billion dollars and is trusted by leading centralised exchanges. In their six years of building smart wallets, Argent’s smart contracts have never been breached.
ChainSecurity demonstrated exceptional professionalism and expertise throughout the audit. They posed insightful and thought-provoking questions, showcasing great attention to detail. Undoubtedly, they are one of the best teams out there. Julien Niset, Co-founder & CSO @ Argent
The most critical subjects covered in our audit are functional correctness, oracle manipulation resistance and the correctness of protocol integrations.
All contracts show high security in all of the aforementioned subjects after the following issue has been successfully resolved: RedstoneCoreOracle update with stale data.
In summary, we find that the codebase currently provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Euler implements oracle contracts for different providers and a router that maps asset pairs to their corresponding oracle. The contracts are meant to be used in conjunction with Euler’s Ethereum Vault Kit (EVK).
—
Euler v2 is a modular lending platform with two main components at launch: 1) the Euler Vault Kit (EVK), which empowers builders to deploy and chain together their own customised lending vaults in a permissionless manner; and 2) the Ethereum Vault Connector (EVC), a powerful, immutable primitive which gives vaults superpowers by allowing their use as collateral for other vaults. Together, the EVK and EVC provide the flexibility to build or recreate any type of pre-existing or future-state lending product inside the Euler ecosystem.
ChainSecurity delivered an exceptional audit for our project. Their meticulous approach and quick responsiveness enhanced our security and provided crucial insights. We greatly appreciate their dedication and excellent communication throughout the process.
Erik Arfvidson, Head of Cybersecurity, Euler Finance
The critical subjects covered in our audit are authentication, checks enforcement, and adherence to the specification. Security regarding all the aforementioned subjects is high.
Some issues of low severity have been addressed by Euler by accepting them as part of the specification and improving the documentation.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Euler implements Ethereum Vault Connector, a general framework for vaults interoperability for the purpose of arbitrary lending markets creation.
Euler v2 is a modular lending platform with two main components at launch: 1) the Euler Vault Kit (EVK), which empowers builders to deploy and chain together their own customised lending vaults in a permissionless manner; and 2) the Ethereum Vault Connector (EVC), a powerful, immutable primitive which gives vaults superpowers by allowing their use as collateral for other vaults. Together, the EVK and EVC provide the flexibility to build or recreate any type of pre-existing or future-state lending product inside the Euler ecosystem.
ChainSecurity delivered an exceptional audit for our project. Their meticulous approach and quick responsiveness enhanced our security and provided crucial insights. We greatly appreciate their dedication and excellent communication throughout the process.
Erik Arfvidson, Head of Cybersecurity, Euler Finance
The most critical subjects covered in our audit are functional correctness and front-running resilience.
Front-running resilience is good as long as operations admins deploy validators with the appropriate arguments.
Functional correctness is high but some functionality is missing that will be added at a later stage (see Verified validator balance not counted).
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Moebius implements a transferrable token that represents stake in EigenLayer. Liquid staking tokens and native tokens can be deposited into the protocol to mint such tokens. Deposited native tokens are handled custodially by the protocol's third party operators running Ethereum validators.
"Moebius unifies restaking, allowing users to earn tokenized points by depositing into multiple restaking protocols."
The most critical subjects covered in our audit are asset solvency, functional correctness, and precision of arithmetic operations. Security regarding asset solvency is high. Security regarding functional correctness is satisfactory, however users should be aware that the rare event of redeployment of PowerToken might cancel their token transfers or inflations in the last two epochs before the redeployment event, see Side-effects of Resets. Precision of arithmetic operations is improvable due to the rounding errors in the PowerToken that accumulate over time, see Effects of Roundings in PowerToken.
The general subjects covered are code complexity, use of uncommon language features, and gas efficiency. The code-base extensively employs assembly code to manually compute storage slots for array entries. While no specific issues have been detected with this usage, it is worth noting that this approach bypasses the safety features implemented by Solidity. The code-base can be more efficient in terms of gas, see Gas Optimizations.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
M^ZERO Labs implements a stablecoin (MToken) backed by real-world assets, like T-bills, along with a Two-Tokens Governance system (TTG).
The audit found multiple severe issues (for a detailed description see the Resolved Findings section). All severe issues have been fixed accordingly. In summary, we find that the codebase now provides a good level of security.
Yet, the types of issues identified indicate that the code had not undergone a sufficiently diligent internal review process or meaningful testing. E.g., the critical issues should have been caught, as these issues are well-known in vaults. We highlight this to make YieldNest aware that in the event of contract updates, a thorough review and testing process is essential to ensure the security of the codebase.
For the current version of the code, we are not aware of any further severe issues, but it is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project. These measures include, but are not limited to, further unit and integration testing, fuzzing, and a careful roll-out in case significant funds are expected to be held by the new code base.
YieldNest implements a liquidity pooling system built on top of EigenLayer, where users can deposit ETH and LSD tokens and earn yield.
YieldNest is a next-generation liquid restaking protocol that provides simple-to-understand, risk-adjusted restaking strategies.
The most critical subjects covered in our audit are the safety of the funds, the reward accumulation and distribution mechanism, the calculation of the computation units, and the vesting mechanism. The security of the funds is high as we were not able to uncover ways to steal users' funds. Reward distribution could be unfair in case a staker front-runs reward distribution (see Recent stakers get unfair yield). It could also be blocked if the number of workers grows a lot (see Reward distribution can run out of gas). The CU calculation could be improved as there are cases where CUs are double-counted (see Computation units are not split between an operator's gateways). The vesting could break in case the user claims their rewards through the vesting contract. All the issues have been addressed.
The general subjects covered include but are not limited to access control, rounding errors, the rollup (ArbitrumOne) where the contracts are to be deployed, documentation, and specification. The security regarding access control and rounding errors is high. Even though there exists a lot of documentation for the protocol itself, the interface of the on-chain part to the rest of the system is underspecified. Therefore, we had to make assumptions about how the system will be implemented e.g., what events are going to be observed. Hence, there could be more issues in this area that were not anticipated by the auditing team. Testing could also be improved as we uncovered a few issues that could be easily detected this way.
In summary, we find that the security of the codebase is satisfactory but there is room for improvement.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Subsquid implements the on-chain part of the Subsquid protocol. The various parties of the system can stake their $SQD tokens in exchange for rewards for workers and stakers or computation units (CUs) for gateway operators.
---
"A peer-to-peer network to batch query and aggregate terabytes of on-chain and off-chain data in a ridiculously efficient way"
Source: https://subsquid.io/
The most critical subjects covered in our audit are asset solvency, functional correctness, and front-running resistance. Security regarding all the aforementioned subjects is high.
The general subjects covered are system customisation, documentation, and gas efficiency. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Swaap Labs implements an asset management system, based on the Sommelier Protocol, where Fund contracts can be created to manage the different assets. Funds have limited functionality and rely on adaptors to interact with external protocols. The system is designed to be modular and flexible, allowing for the addition of new adaptors and supported assets.
"Swaap is an innovative market-making protocol specializing in blue-chip crypto assets. Through pioneering models developed in collaboration with leading institutions, Swaap is revolutionizing DeFi market-making by providing liquidity providers with effortless and superior market-making strategies."
Source: Swaap Finance team (https://swaap.finance/)
The most critical subjects covered in our audit are correct accounting and access control. All covered subjects provide a high level of security.
It is worth mentioning that the ambiguous guidelines for creating questions can lead to problematic cases in certain circumstances, as can be seen in Emergency resolution mechanism possibly not sufficient.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Polymarket implements an adapter contract that plugs between a conditional token exchange and the actual conditional tokens contract to enable prediction markets with multiple binary questions where exactly one question resolves to YES while all other questions resolve to NO. Additionally, an auxiliary contract is implemented that permissions the question creation.
—
“Polymarket is an information markets platform that lets you trade on the world’s most highly-debated topics (e.g. coronavirus, politics, current events, etc). On Polymarket, you build a portfolio based on your forecasts and earn a return if you are right. When you decide to buy shares in a market, you are weighing in with your own knowledge, research, and view of the future. Market prices reflect what traders think are the odds of future events, turning trading activity into actionable insights that help people make better decisions. As a result, Polymarket is a leading source of unbiased and real-time data about future events.”
Hats off to the ChainSecurity team for their stellar work on our security audit. The process was smooth from start to finish thanks to their clear communication style, and our codebase benefited immensely from their thorough analysis. We look forward to working with them in the future!
Mike Shrieve - Protocol Lead
The most critical subjects covered in our audit are functional correctness, signature handling and correct interactions with the Gas Station Network (GSN). Security regarding functional correctness and signature handling is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Polymarket implements two factories for creating wallets that allow Polymarket to execute transactions on behalf of users.
—
“Polymarket is an information markets platform that lets you trade on the world’s most highly-debated topics (e.g. coronavirus, politics, current events, etc). On Polymarket, you build a portfolio based on your forecasts and earn a return if you are right. When you decide to buy shares in a market, you are weighing in with your own knowledge, research, and view of the future. Market prices reflect what traders think are the odds of future events, turning trading activity into actionable insights that help people make better decisions. As a result, Polymarket is a leading source of unbiased and real-time data about future events.”
Hats off to the ChainSecurity team for their stellar work on our security audit. The process was smooth from start to finish thanks to their clear communication style, and our codebase benefited immensely from their thorough analysis. We look forward to working with them in the future!
Mike Shrieve - Protocol Lead
The most critical subjects covered in our audit are functional correctness and the resilience of elliptic curve calculations used in ID computation. Security regarding functional correctness is high. Furthermore, the possibility of negating IDs on the used elliptic curve (and the subsequent possibility of creating “all-purpose” tokens) does not pose a security risk within the conditional token framework but adds additional complexity that should be taken into consideration when using conditional tokens (see Infinite minting of position tokens with no value).
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Polymarket uses gnosis conditional tokens to represent positions in prediction markets with binary outcomes.
—
“Polymarket is an information markets platform that lets you trade on the world’s most highly-debated topics (e.g. coronavirus, politics, current events, etc). On Polymarket, you build a portfolio based on your forecasts and earn a return if you are right. When you decide to buy shares in a market, you are weighing in with your own knowledge, research, and view of the future. Market prices reflect what traders think are the odds of future events, turning trading activity into actionable insights that help people make better decisions. As a result, Polymarket is a leading source of unbiased and real-time data about future events.”
Hats off to the ChainSecurity team for their stellar work on our security audit. The process was smooth from start to finish thanks to their clear communication style, and our codebase benefited immensely from their thorough analysis. We look forward to working with them in the future!
Mike Shrieve - Protocol Lead
Gearbox Protocol implements the third version of the core Gearbox protocol, a protocol that allows users to open leveraged positions on various protocols.
The codebase has undergone a relatively large number of review iterations. These iterations included 3 brainstorming sessions with the Gearbox team where different attack vector scenarios were discussed. While our rigorous iterative process reflects our commitment to enhancing the security of the protocol, it also highlights its complexity and the need for continuous vigilance. Our client’s codebase is fundamentally secure, yet our thorough approach underlines the evolving nature of security threats and our proactive stance in anticipating and mitigating potential risks.
The most critical subjects covered in our audit are the correctness of the accounting of the debt, the interest and the fees, the voting, the configuration of the system, the implementation of the quotas, the liquidation mechanism, and the opportunities to execute arbitrary code. The most important issue Too Many Bots Can Block Liquidation, uncovered in the first iteration of the review, could temporarily prevent the liquidation of a credit account. The issue has been fixed. During the fixes review a critical issue Anyone Can Redistribute The Votes was uncovered which completely breaks the voting mechanism used by the system. The issues have been addressed. The most recent iterations only revealed up to medium severity issues. Hence, we find the security regarding the aforementioned subjects to be high. It is important to note that the project is significantly exposed to errors or misunderstandings in the functionality of integrated third-party systems. Reviewing these external systems for correctness was out of the scope of this audit.
The general subjects covered are access control, documentation and specification, gas efficiency, and the complexity of the implementation. Security regarding all the aforementioned subjects is high, however, we need to emphasize that the code complexity is high. Moreover, the contracts in this scope have undergone many changes during the review. This in combination with the fact that the reviews are limited in time reduces our confidence in the assessment of the system's security level.
In summary, we find that the codebase could provide a high level of security should all the issues be fixed and no more issues be uncovered during the review of their fixes. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
The most critical subjects covered in our audit are asset solvency, functional correctness and the correct integration into the existing D3M v2 system.
The general subjects covered include compliance with ERC standards and maintaining the consistency of the codebase.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
MakerDAO has implemented new components for the existing D3M v2 system: an ERC-4626 compatible pool designed for use with MetaMorpho and a plan that enables an operator to set a target asset amount.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are the correct use of Arbitrum's bridging mechanism, the safety of the funds and the correct implementation of the distribution intervals. No major issues were detected. Security regarding all the aforementioned subjects is high.
The general subjects covered are functional correctness, gas efficiency, specification and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but do not replace other vital measures to secure a project.
Offchain Labs implements a fund router to collect funds to the Arbitrum's DAO treasury deployed on Arbitrum One from various rollups and chains (Arbitrum Nova, or Orbit chain via Ethereum).
---
"Offchain Labs has built a suite of products for developers, businesses, and individuals to harness the full potential of Ethereum technology."
The most critical subjects covered in our audit are functional correctness, security of assets managed and impact/added risk on the existing Maker system.
This iteration of the review focussed on the redesigned implementation of the D3MHub and fixes of issues raised in the last review. The documentation available only gives a high-level description of the system; a description of detailed behavior (e.g. temporarily exceeding debt limits during a transaction) or limitations (unsupported/broken distribution of pool shares in case of loss) is missing.
In summary, apart from the raised concerns when a third party system makes a loss and the pool shares held no longer cover the expected DAI amount, we find that the codebase provides a high level of functional correctness and security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Direct Deposit Module V2 is a modular framework which allows generating and depositing DAI into third-party systems in order to earn yield. For each supported third party, a Plan contract implements the calculations to reach the target state while a pool contract manages the interaction between the D3MHub and the protocol.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
The most critical subjects covered in our audit are the functional correctness of the proposal and the correctness of the proposal with regard to the lifecycle of a proposal in the Arbitrum ecosystem. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, testing, documentation and specification. There was no end-to-end testing for the proposal flow. Security regarding all the rest of the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Arbitrum Foundation implements an Arbitrum Improvement Proposal (AIP) that aims to increase the signature threshold of the non-emergency Security Council multisig on Arbitrum One (0xADd68bCb0f66878aB9D37a447C7b9067C5dfa941) from 7 to 9 signatures. Moreover, a library for conditional updates of the constitution was implemented.
---
"Arbitrum is a protocol that makes Ethereum transactions faster and cheaper. Developers use Arbitrum to build user-friendly decentralized apps (dApps) that can take advantage of the scalability benefits of the Arbitrum Rollup and AnyTrust protocols."
The most critical subjects covered in our audit are functional correctness, access control and integration with the core protocol. Security regarding all the aforementioned subjects is high.
The general subjects covered are testing and documentation. Security regarding all the aforementioned subjects is high. However, testing could be improved to test the ability to repay and to top-up.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Sparklend implements a switch allowing arbitrary addresses to disable borrowing in case of a depeg of a pegged asset.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are the impact of this change on the existing system and the correctness of the changes introduced. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Sparklend disabled the flashloan into borrow functionality in an effort to remove a potential attack vector. This change was done as part of applying the Jan 10th patch which fixes a vulnerability. The function getReservesCount is now exposed publicly as part of the introduced changes. No issue with these changes has been uncovered.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are functional correctness, integration in the underlying system, and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are specification and gas efficiency. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
MakerDAO implements an emergency spells system for SparkLend.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are functional correctness, access control and integration with external systems. Security regarding all the aforementioned subjects is high. The general subjects covered are upgradeability, documentation, specification, gas efficiency, trustworthiness. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Avantgarde Finance implements a new version of the Curve price feed and adapted the Curve liquidity and Convex Curve adapters, while minor updates to the ParaswapV5 adapter have been made. Moreover, external positions for lending on Maple, borrowing on Liquity, vote-locking for Convex, and delegating on The Graph were implemented. Also, a shares splitting contract for splitting fees, including its surrounding architecture, was implemented.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Limited code reviews are best-effort checks and don’t provide assurance comparable to a non-limited code assessment. This review was not conducted as an exhaustive search for bugs, but rather as a best-effort sanity check for the pull requests of interest. The review was executed by one engineer over a period of two weeks. Given the large scope and codebase and the limited time, the findings aren’t exhaustive.
The largest pull requests that were reviewed revamp the import system and introduce stateless and stateful modules to the Vyper language. The semantic analysis phase has been updated to support these new features and to be globally more robust. Constant folding has been modified so that it no longer breaks Vyper semantics. Additionally, more fine-grained variable read/write analyses have been introduced.
We find that the reviewed pull requests benefit both the language, by adding new important features, and the codebase, in terms of consistency, readability and robustness. While the enforcement of type annotation for loop iterators greatly improves the type-checking phase, multiple issues related to loops were found, as highlighted in Loop iterator overflow signed type, Double evaluation of range’s start and Mistyped loop iterable.
Other important issues that have been identified relate to the layout override feature, as shown in Overriding storage allocator does not handle stateful modules and Overriding storage allocator does not handle reentrant functions properly.
While no critical issues were found in the implementation of modules, we strongly recommend intensive testing of the new system before releasing it.
At the time of the review, the documentation of the modules system seems to be lacking and we recommend improving it.
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control. Functional correctness is good, but there were some issues uncovered, such as Rounding Errors in TRC20 methods. Security regarding the other subjects is high. Note that any off-chain parts of the system are out of the scope of this review.
The general subjects covered are unit testing, documentation, code complexity, and gas efficiency. Unit testing is non-existent, as no unit tests were provided with the code. Documentation is improvable, as the code is missing NatSpec on many functions, and no public documentation page exists. Code complexity is improvable, as low-level code is used in places where it is not necessary. The proxy pattern used works correctly but does not follow best practices that aid in avoiding mistakes during upgrades. See Proxy Upgrades Must Be Well-tested. Gas efficiency is good.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
stUSDT is a custodial system for providing off-chain yield to users on-chain. Users receive the stUSDT token as a representation of their deposit in the system and can create a withdrawal request to turn their deposit back into USDT.
---
"stUSDT is the receipt token users receive upon staking USD stablecoins on the platform. This decentralized intermediary to real-world assets allows holders to participate in real-world investment directly and start earning rewards."
We appreciate ChainSecurity for their thorough auditing of stUSDT, which has been instrumental in safeguarding our platform’s security. Their expertise in understanding Real-World Assets (RWA), combined with their meticulous approach and insightful feedback, aligns perfectly with our commitment to continually enhance the protocol’s functionality and security.
RWA DAO, stUSDT
The most critical subjects covered in our audit are functional correctness, oracle security and internal accounting. Security regarding all aforementioned subjects is high.
Functional correctness is good. Issues like Execution of wrong governance change and some smaller problems have been adequately fixed.
Newly created pools allowed Endless rebalancing due to a flaw in the handling of oracle prices. This has been addressed by rebalancing rewards being activated by governance as long as this is done in a correct manner considering TVL of the pool and CNC price.
The internal accounting of some tokenomics contracts was flawed due to Reward double counting and Wrong accounting in Bonding. These issues have also been addressed.
It should be noted that the security of funds is dependent on parameters like the imbalance buffers of the Curve oracle. These must be chosen with care (considering Curve pool fees, the share of a Conic pool’s Curve LP tokens etc.) to avoid the possibility of arbitrage opportunities.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
We have also conducted a deployment validation of Conic’s codebase. All security-relevant parameters of the deployed contracts as well as the evolution of these (starting from the block of the deployment of each contract until Ethereum block # 19127196) have been reviewed. All contracts have been deployed in accordance with our security audit. The deployment validation report can be found here: Conic protocol Deployment Validation by ChainSecurity
Conic implements Omnipools for Curve that allow depositing a single asset into multiple Curve pools. The exposure to different Curve pools is changed in fixed time intervals by Governance vote.
—
“Conic Finance is an easy-to-use platform built for liquidity providers to easily diversify their exposure to multiple Curve pools. Any user can provide liquidity into a Conic Omnipool which allocates funds across Curve in proportion to protocol controlled pool weights.”
Conic's V2 audit by ChainSecurity was exceptional. Their thorough analysis revealed complex edge cases, providing invaluable insights that exceeded our expectations and underscored our commitment to providing the highest level of security
C-3PO
The most critical subjects covered in our audit are functional correctness, manipulation resiliency and the integration of the CapAutomator into the existing SparkLend protocol. A notable issue was identified in the original code where setting caps to zero is not restricted, leading to the potential bypass of the cooldown period and risks of lifting the cap (see Cap of 0 ignores increase cooldown).
After the intermediate report, all identified issues have been addressed or acknowledged.
The general subjects covered are optimizations and adherence to the specifications.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
SparkLend's CapAutomator manages supply and borrow caps for assets in SparkLend. It allows anyone to trigger updates to these caps based on predetermined parameters, with the new cap values calculated using the current supply and a specified gap, subject to maximum limits and cooldown periods.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are asset solvency, functional correctness and access control. Security regarding asset solvency is improvable, see Broken integration with special ERC20 tokens. Security regarding the other aforementioned subjects is high.
The general subjects covered are documentation and specifications, code complexity, and gas efficiency. The security regarding all aforementioned subjects is high.
Developers deploying new OFTs or OFTAdapters should consult the documentation and specifications to ensure that omnichain fungible tokens are implemented correctly. Developers should also be aware of special behaviors that are noted in this report.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
LayerZero offers a set of smart contracts that implement Omnichain Applications and Omnichain Fungible Tokens, which are built on top of the LayerZero protocol. Omnichain Fungible Tokens extend the standard ERC20 tokens by providing bridging functionalities to other chains natively. This review is focused only on the execution layer, while the underlying infrastructure for message passing is assumed to be correct.
—
“LayerZero is an interoperability protocol that connects blockchains (50+ and counting), allowing developers to build seamless omnichain applications, tokens, and experiences. The protocol relies on immutable on-chain endpoints, a configurable Security Stack, and a permissionless set of Executors to transfer censorship-resistant messages between chains.”
The most critical subjects covered in our audit are functional correctness, security of the assets and adherence to the TRC-20 specification. Security regarding all the aforementioned subjects is high.
The general subjects covered are energy efficiency and usability. The code is derived from a legacy OpenZeppelin implementation originally written for Solidity version 0.4.24. While it has been adapted for compilation with Solidity 0.8.x, it does not utilize newer Solidity features, such as built-in SafeMath or immutables. Consequently, the code is not optimal, particularly in terms of energy consumption.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
HTX DAO implements the HTX token following the TRC-20 standard with immutable parameters set at deployment, including its name, symbol, decimals, and an initial fixed supply minted to the deployer. The token enables standard functionalities such as transfer and approval. Importantly, it does not allow for additional token minting, ensuring a fixed supply. It operates without any roles endowed with special privileges.
The most critical subjects covered in our audit are asset solvency, functional correctness, front-running, and accurate fund valuation. The security of all aforementioned subjects is high. Please note that there might be some unexpected scenarios (e.g. undercollateralized loans in Term Finance) that are intentionally unhandled, see System Overview, Assessment Overview and Notes.
The general subjects covered are code complexity, upgradeability, unit testing, and documentation. The security of all aforementioned subjects is high. However, note that in some scenarios the system may fail to untrack positions which could lead to increased gas costs, see Failing to untrack offers of cancelled auctions.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
In the development of version 5 of the protocol, which builds on the existing Sulu system, Avantgarde Finance has implemented several changes to the connectors for external systems. The ZeroEx Adapter now includes support for over-the-counter (OTC) orders. Additionally, a new external position has been introduced to interact with Term Finance, supporting lending only. For the existing Maple integration, outdated code related to version 1 and its corresponding migration code have been removed. Furthermore, the validation function has been updated to reflect recent changes in Maple.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
The most critical subjects covered in our audit are functional correctness, solvency of battles, and access control. Security regarding all aforementioned subjects is satisfactory.
The general subjects covered are rounding errors, denial-of-service, documentation and gas efficiency. The security regarding rounding errors is satisfactory, while the security regarding denial-of-service is improvable (see Battles With Malicious Starting Prices). The codebase could be improved regarding gas efficiency (see Gas Optimizations). The documentation and inline code specification can also be improved.
We thank the Tenet Technology Ltd team for always being responsive and very professional during this engagement.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Tenet Technology Ltd implements an Automated Market Maker (AMM) for digital options. In this system, liquidity providers (LPs) provide liquidity at their positions of interest. Afterwards, traders can buy put or call digital options to take a position on whether the price of an underlying asset exceeds the strike price at maturity or not. LPs collect the option premiums and fees paid by traders.
—
“Divergence v1 is a novel noncustodial automated market maker for options with a predetermined payoff structure. It enables access to an extensive selection of options pools, each with a distinct underlying asset, strike price, maturity, and collateral token. The decentralized protocol facilitates on-chain peer-to-pool swaps of options tokens, with minimal friction, enhanced capital efficiency, and low transaction costs. Its model-free pricing approach empowers individual users to flexibly price and tailor options exposure.”
ChainSecurity scrutinized our multiple iterations, with impressive sophistication and attention to detail. Their talented team meticulously dissected our very complex mechanism and code architecture. Their insightful analysis helps us immensely. A real pleasure to work with, and we look forward to continuing engagements.
Lianne Li, Divergence Founding Member
Limited code reviews are best-effort checks and don’t provide assurance comparable to a non-limited code assessment. This review was not conducted as an exhaustive search for bugs, but rather as a best-effort sanity check for the pull requests of interest. The review was executed by one engineer over a period of two weeks. Given the large scope and codebase and the limited time, the findings aren’t exhaustive.
The subjects covered by our review are detailed in the Review Overview section.
The large number of issues related to the behavior of the compiler if the builtin functions are folded or not shows that special attention should be given to this part of the compiler. We find that the ongoing effort of merging the general Vyper semantics and folding semantics is the right approach to solve those issues altogether.
The general subjects covered are memory allocation and safety, order of evaluation and semantics of the builtin functions. No major issue was found in the aforementioned subjects.
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
The most critical subjects covered in our audit are asset solvency, functional correctness, front-running, and accurate fund valuation. However, front-running protection and accurate fund valuation are improvable due to inaccuracies, see StakeWise V3 Position Ticket Valuation.
Similarly, delayed fund valuation may be problematic, see Slashing Can Be Avoided. Further, functional correctness could be improved, see StakeWise Deposit May Revert.
The general subjects covered are code complexity, upgradeability, unit testing, and documentation.
In summary, we find that the codebase provides a good but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Avantgarde Finance implements external positions for staking with StakeWise v3.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
The most critical subjects covered in our audit are the correct implementation of the PegKeeperV2 and the PegRegulator, the handling of assets by the PegKeeper, and attack vectors based on the manipulation of the liquidity and price oracles. No major issues were uncovered during the review. All the issues have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, gas efficiency, documentation, and specification and testing. The security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Curve implements PegKeeperV2, a more fine-grained version of PegKeeper. The goal of PegKeeperV2 is to maintain the peg of CRVUSD in its stablepools by adding or removing liquidity in the form of CRVUSD.
—
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
We appreciate ChainSecurity for very deep and thoughtful analysis!
Michael Egorov, CEO @ Curve Finance
The most critical subjects covered in our audit are the functional correctness of the contracts, the oracle configuration, and the interaction with the rest of the Gearbox system. No severe issues were uncovered. All the issues reported have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, documentation and specification, gas efficiency, and the complexity of the implementation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Gearbox Protocol extends and refactors the oracle functionality used by the Gearbox Core V3.
—
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
The most critical subjects covered in our audit are functional correctness, access control, absence of reentrancy possibilities, handling of funds and precision of arithmetic operations. Security regarding all is generally good. Security regarding functional correctness is good as long as drying out the Aave pool on purpose, see Provoking an Aave Liquidity Crisis, is unprofitable based on the borrow and supply caps, and the flashloan fees.
The general subjects covered are code complexity, error handling, unit testing, documentation, specification, gas efficiency and trustworthiness. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Mangrove Association updated the existing strategies Mangrove Order, implementing Good-till-cancelled and Fill-or-kill orders, and Kandel, a “buy low, sell high” market-making strategy that leverages the Mangrove core system, while optimizing the capital efficiency by supplying the idle funds on AaveV3. The code was mainly adapted for compatibility with the changes made in the core. Additionally, the changes include some simplifications.
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi’s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
ChainSecurity has proved its ability to independently understand, thoroughly analyze, and help secure novel and complex smart contracts in a surprisingly short amount of time. We could not ask for a better auditing partner.
Adrien Husson, smart contract lead @ Mangrove
Even though the codebase is complex, we did not find any severe issues. The code quality is good and Mangrove provides good documentation for their project.
The general subjects covered are functional correctness, security and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Mangrove Association (ADDMA) implements an order book-based exchange where makers can post offers that are essentially promises to trade a certain token pair for a specified amount.
Takers can take these offers. When a taker takes an offer, the maker’s smart contract is called and needs to fulfill the promise to exchange the tokens. If the maker does not meet their obligation, a pre-defined gas reimbursement will be given to the taker. Makers need to deposit the funds to reimburse takers when creating the offer.
The project allows participants full control over their funds up until they can really be exchanged. Hence, avoiding idle or stale funds waiting for order execution. This version implements a new internal data structure, using a tree of bitmaps in order to efficiently find the next-best offer in the order book.
—
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi’s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
ChainSecurity has proved its ability to independently understand, thoroughly analyze, and help secure novel and complex smart contracts in a surprisingly short amount of time. We could not ask for a better auditing partner.
Adrien Husson, smart contract lead @ Mangrove
The most critical subjects covered in our audit are the functional correctness of the contracts, the adapter configuration, the movement of the assets, and the interaction with the rest of the Gearbox system. A high severity issue was uncovered in one of the iterations where anyone could redeem on behalf of any user by front-running the signed permit or back-running the approval of the user. The issues have been addressed in the final commit. All in all, all the issues reported have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, documentation and specification, gas efficiency, and the complexity of the implementation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security as no more issues were uncovered. We need to emphasize that the interactions between different components of the Gearbox system are complex. Moreover, the contracts in this scope have undergone many changes during the review. This in combination with the fact that the reviews are limited in time reduces our confidence in the assessment of the system’s security level.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Gearbox Protocol refactors the adapter contracts used to interact with third-party protocols.
—
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
The most critical subjects covered in our audit are security vulnerabilities and the validity and integrity of the state and storage proofs. Amongst others, the following issues have been uncovered:
In summary, we find that the codebase provides a good level of security. It’s worth noting that more thorough testing could have identified most of these issues early. Moreover, there is still room for enhancement in the testing processes. Core functionality of the project is tested with minimal test cases only.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Herodotus provides a bridge between Ethereum’s L1 and Starknet’s L2, allowing for trustless proofs of state and storage values of Ethereum accounts on Starknet. Data integrity is ensured through on-chain verification mechanisms leveraging Merkle Mountain Range (MMR) and Merkle Patricia Trie (MPT) verifications.
—
“Herodotus is a powerful data access middleware that provides smart contracts with synchronous access to current and historical on-chain data across Ethereum layers.”
The most critical subjects covered in our audit are functional correctness, access control and standard compliance. Security regarding standard compliance is high. Security regarding access control has been improved since the first iteration of this report (see permission can be bypassed in transferFrom()). Additionally, a critical issue allowing users to spend encumbrance of other users in certain cases has been disclosed and fixed by Compound after the first iteration of this report: Encumbered balances can be transferred. Functional correctness is now extensive.
The general subjects covered are code complexity and quality of specification documentation. Some inconsistency has been identified in the specifications, see Incorrect specs, which was corrected.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Compound implements an EIP-7246 (under review) compliant token SUPTB (Superstate short-term U.S. government bonds) and a permission list contract. It introduces a new feature: Encumbrance on top of ERC-20 to separate the ownership of tokens from the right to transfer them.
—
“Compound is a protocol on the Ethereum blockchain that establishes money markets, which are pools of assets with algorithmically derived interest rates, based on the supply and demand for the asset. Suppliers (and borrowers) of an asset interact directly with the protocol, earning (and paying) a floating interest rate, without having to negotiate terms such as maturity, interest rate, or collateral with a peer or counterparty
Each money market is unique to an Ethereum asset (such as Ether, an ERC-20 stablecoin such as Dai, or an ERC-20 utility token such as Augur), and contains a transparent and publicly-inspectable ledger, with a record of all transactions and historical interest rates.”
Source: Compound Whitepaper (2019)
ChainSecurity has been an outstanding security partner who has earned our admiration and respect based purely on their technical competence and skill. They always go above and beyond to ensure their auditing is of the highest quality, and they are consistently excellent over the many projects we have done together.
Jared Flatow, VP of engineering
The most critical subjects covered in our audit are access control and functional correctness. All raised issues have been addressed accordingly. The most critical issue found in the assessment was related to incorrectly counted votes in InclusionVote (see Blank Votes Not Counted).
In summary, we find that the codebase now provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Yearn implements an on-chain governance system for yETH and the new contracts. They allow st-yETH holders to vote for generic proposals and Pool parameter changes.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
MakerDAO implements a contract that is used to give access to funds of Maker SubDAOs to external actors for the purpose of investment into real-world assets.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are functional correctness and frontrunning resistance. Functional correctness is high.
While the conduit withdraw() function can be frontrun, the function is only called by members of the SubDAO which are able to mitigate the risk, if necessary, by using more private channels for the inclusion of such transactions into the blockchain.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
MakerDAO implements a conduit contract for funnelling sNST into Spark, an Aave v3 fork.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control. Security regarding functional correctness and access control is high, while security regarding asset solvency is improvable, see No Functionality to Recover From Bridge Failure.
The general subjects covered are code complexity, upgradeability, trustworthiness, documentation, and gas efficiency. Contracts in scope of this assessment are not upgradeable and have limited privileged roles. The code is well written. The documentation is improvable and the codebase could be more gas efficient, see Findings.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
The Frankencoin system is a set of smart contracts that issue the Frankencoin (ZCHF) on-chain, a stablecoin that is supposed to be pegged to the Swiss Franc. Each Frankencoin minted is backed either by collateral assets or other trusted Swiss Franc stablecoins. The governance of the system is based on veto rights of shareholders that control at least 2% of the total voting power.
“Frankencoin is a collateralized, oracle-free stablecoin that tracks the value of the Swiss franc. Its strengths are its decentralization and its versatility.”
The audit was excellent! Very well done! I'm impressed with how quickly ChainSecurity's software engineers developed a deep understanding of the Frankencoin system and with their meaningful inputs to harden its mechanics.
Luzius Meisser, Inspirer, Frankencoin
The most critical subjects covered in our audit are functional correctness, access control, denial-of-service, precision of arithmetic operations, and reentrancy. Security regarding all the aforementioned subjects is good.
The general subjects covered are gas-efficiency, documentation, and error handling.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but do not replace other vital measures to secure a project.
Spool implements a system for meta-strategies where users invest in vaults that then collectively invest in strategies that interact with third-party DeFi systems.
—
“Introducing Spool V2, the next evolution in our DeFi infrastructure designed for institutions and professionals. Building on our V1 proof of concept, V2 offers exponential enhancements in efficiency, composability, utility, and security.”
Security is a top priority for Spool DAO, so we want to work with the best in the business. The ChainSecurity audit we recently had proved exactly why they are so highly recognised in the industry. As you’d expect, they ran a detailed examination of the codebase with a focus on known attack vectors and product use cases. But, as well, their engineers did so in a friendly, engaged, and proactive way meaning the process ran smoothly and easily.
Simon Schaber, Lead Builder, Spool DAO
The most critical subjects covered in our audit are functional correctness, asset solvency, and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are specification and gas efficiency. Security regarding the aforementioned subjects is high. Note that the zkAllocation is not specified precisely and is treated as a black box.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Sturdy implements Sturdy Aggregator, a lending optimizer with the ability to provide just-in-time liquidity by moving funds between different lenders.
—
“Sturdy is a lending protocol where borrowers farm with up to 10x leverage & lenders receive high yields.”
ChainSecurity produced a thorough and comprehensive report of the codebase for Sturdy's V2 upgrade. They asked thoughtful questions, were a pleasure to work with, and impressed us with their technical depth.
Sam Forman, CEO & Co-founder at Sturdy Finance
The most critical subjects covered in our audit are functional correctness and security of user funds. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
StarknetID has implemented a non-upgradable auto-renewal contract to streamline domain renewals for users. Users can seamlessly enable or disable spending flows, which, subject to certain conditions, are executed by a designated, whitelisted renewer. These conditions include annual execution and ensure the domain expires in less than a month. The contract is governed by an admin, with users being responsible for setting accurate allowances.
—
“StarkNet.ID serves as a versatile passport for StarkNet, facilitating seamless storage and sharing of user-specific data within the StarkNet ecosystem. This robust identity protocol allows various Starknet apps to access and utilize user information effortlessly, enhancing the overall user experience.”
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity, suitability of the implementation for the intended use case and accuracy of the documentation.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Mimo Capital AG issues ERC-721 compliant NFTs called KUMABondTokens, which are backed by real-world bonds. Additional smart contracts handle functionalities like KYC compliance through KYCToken, role-based access control via AccessController, and price feed updates through MCAGAggregator and KIBTAggregator. The system also allows for pausing the tokens and maintains a blacklist of addresses that cannot interact with the KUMABondTokens.
—
“Mimo Capital AG is authorized to bring real-world assets, such as sovereign and corporate bonds, onto the blockchain via a process called tokenization, allowing for more transparency as each token is linked to a specific set of underlying assets held in custody.”
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are upgradeability, gas efficiency, and trustworthiness. We found that security regarding those subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Polygon implements the POL token, a fungible asset on Ethereum that supports the revised Polygon protocol architecture, and in particular its emission schedule and the migration from the previous MATIC token.
—
“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”
ChainSecurity holds a special place in my heart, only positive experiences with them and they always go above and beyond. During one of our audits, they actually found a bug in an OpenZeppelin contract we were using, 99% of auditors wouldn't bother looking there.
Gretzke.eth, Software Engineering Lead @ Polygon
The most critical subjects covered in our audit are asset solvency and functional correctness. This includes the yield distribution for the rebasing token.
The general subjects covered are the documentation, integrability into the DeFi ecosystem and efficiency.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
The KUMA protocol is designed to tokenize KUMABond NFTs into KIB ERC-20 tokens. Interest is distributed through the rebasing mechanism of the token. ERC-20 is the most common token standard and hence these KIB tokens are compatible with various decentralized finance protocols. The system has safeguards such as a Deprecation Mode to allow for a graceful shutdown and uses the UUPS proxy pattern for upgradability.
—
The KUMA Protocol is a decentralized protocol issuing interest-bearing tokens backed by regulated NFTs, themselves backed by Real World Assets (RWA). At start the KUMA Protocol accepts regulated KUMA NFTs that are backed by sovereign bonds.
The most critical subjects covered in our review are asset solvency and functional correctness. Security regarding the aforementioned subjects is improvable. The most important issues uncovered are (1) asset solvency is low due to wrongly maintained internal accounting (see Wrong Accounting upon Margin Account Top up) and (2) functional correctness is low due to the value of the tranches not including unrealized LP fees (see Accrued Interest Is Not Accounted in trancheValue).
The first issue has been fixed by a change of specification. Xena Finance has decided they only want to use a single tranche. The issue remains valid if Xena Finance decides to add more tranches. This leaves the codebase complex, while the functionality that will be used is simpler. The second issue related to accrued interest remains unfixed.
Additionally, there are a number of issues that Xena Finance decided not to fix, which could cause problems in the edge cases outlined in those issues.
The general subjects covered are documentation and specification. Security regarding all the aforementioned subjects is improvable. Documentation and specification are not sufficient due to the overall lack of documentation and unclear specification, see Missing Documentation.
In summary, we find that the codebase currently provides an improvable level of security.
Users of the system should check the Notes section for important information to consider before using the system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Xena Finance implements a decentralized, non-custodial perpetual exchange. It aims to provide users with zero price-impact trades.
—
“Welcome to Xena Finance, where we’re making trading simple and exciting for everyone! We’ve created a place where you can easily trade and manage your risks, all while keeping the custody of your funds.”
EIP-4788 uses a smart contract to temporarily store beacon chain roots on the execution layer in EVM storage. The contract is written directly in EVM assembly. Internally, the contract uses two ring buffers, one for timestamps and one for beacon roots. Hence, previously written beacon roots will be overwritten eventually. The most critical subjects covered in our audit are the security and the correctness of this smart contract storing and providing the beacon roots. The most important properties are:
(1) only the privileged SYSTEM_ADDRESS can store beacon roots
(2) only previously stored beacon roots can be retrieved
(3) the ring buffer correctly overwrites old beacon roots
(4) previously stored beacon roots can be queried by any smart contract by providing the timestamp of the following beacon block
Furthermore there was an important performance property:
(5) limit the storage consumption of the contract and use the storage efficiently
For the originally submitted contract, we found that property (2) can be violated by querying the Zero-Timestamp and that property (5) depends on the block interval staying constant at 12 seconds. To improve the storage efficiency and hence reach property (5) we proposed that the ring buffer should have a prime size. Furthermore, we investigated possible gas savings and made some recommendations which focused on reducing the execution cost of the contract’s usual execution path.
The smart contract and the EIP were subsequently updated as follows:
(1) an explicit check was added to prevent querying the Zero-Timestamp
(2) the ring buffer size became a prime number (specifically 8191), which provides more efficiency independent of block interval as described in the audit report, see “Implications of Ring Buffer Size”
We then further analyzed these updates. We found that during regular times the contract can return the 8191 most recent beacon roots. Given the current block interval that results in roughly 27 hours of historic data. However, before hard forks or with varying block intervals the contract might only return the beacon roots from the past 8191 seconds (roughly two hours), as described in “Changes in Block Interval”.
Last but not least, we wrote “Notes for smart contract developers” for developers planning to interact with this contract, so that they can avoid potential mistakes.
Overall, we found that after these fixes the smart contract code provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but do not replace other vital measures to secure a project. Specifically, in this review the way clients interact with this special smart contract to set beacon roots was out of scope.
EIP-4788 introduces a mechanism for the execution layer of Ethereum mainnet to access the beacon roots of the consensus layer. This access is provided through a regular smart contract which acts as a temporary database. This particular smart contract is the scope of this audit.
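The ring-buffer behaviour summarised above can be reproduced with a small model. This is an added example, not the audited EVM assembly and not code from the EIP: it is a simplified Python model in which the class and function names, the placeholder `SYSTEM_ADDRESS` string, the start timestamp and the composite size 8184 (used only as a contrast to the prime 8191) are all constructed assumptions.

```python
"""Simplified Python model of the two-ring-buffer logic described for EIP-4788.
Constructed for illustration; not the audited EVM assembly."""

SYSTEM_ADDRESS = "SYSTEM_ADDRESS"  # placeholder label, not the real address
PRIME_SIZE = 8191                  # ring buffer size named on the page
COMPOSITE_SIZE = 8184              # constructed contrast: 682 * 12
T0 = 1_700_000_004                 # constructed start timestamp


class Revert(Exception):
    """Stands in for an EVM revert."""


def root_for(ts):
    """Constructed non-zero stand-in for a 32-byte beacon root."""
    return (ts << 8) | 0xAB


class BeaconRootsModel:
    def __init__(self, size, reject_zero=True):
        self.size = size
        self.reject_zero = reject_zero
        self.storage = {}  # like EVM storage, unset slots read as 0

    def _sload(self, slot):
        return self.storage.get(slot, 0)

    def set(self, caller, block_timestamp, parent_root):
        # Property (1): only SYSTEM_ADDRESS may write.
        if caller != SYSTEM_ADDRESS:
            raise Revert("caller is not SYSTEM_ADDRESS")
        idx = block_timestamp % self.size
        self.storage[idx] = block_timestamp          # timestamp ring
        self.storage[idx + self.size] = parent_root  # root ring

    def get(self, timestamp):
        # Fix (1): without this check, a fresh slot 0 "matches" timestamp 0.
        if self.reject_zero and timestamp == 0:
            raise Revert("zero timestamp")
        idx = timestamp % self.size
        # Property (2): the stored timestamp must equal the queried one.
        if self._sload(idx) != timestamp:
            raise Revert("no root stored for this timestamp")
        return self._sload(idx + self.size)


def zero_timestamp_result(reject_zero):
    """Query timestamp 0 on empty storage; return the value or 'revert'."""
    contract = BeaconRootsModel(PRIME_SIZE, reject_zero)
    try:
        return contract.get(0)
    except Revert:
        return "revert"


def slots_used(size, interval, blocks, start=T0):
    """Distinct ring slots touched by `blocks` blocks spaced `interval` s apart."""
    return len({(start + i * interval) % size for i in range(blocks)})


def history_window(size, interval, blocks, start=T0):
    """Return (retrievable root count, seconds between oldest and newest)."""
    contract = BeaconRootsModel(size)
    stamps = [start + i * interval for i in range(blocks)]
    for ts in stamps:
        contract.set(SYSTEM_ADDRESS, ts, root_for(ts))
    alive = []
    for ts in stamps:
        try:
            if contract.get(ts) == root_for(ts):
                alive.append(ts)
        except Revert:
            pass  # overwritten by a later block (property 3)
    return len(alive), alive[-1] - alive[0]


if __name__ == "__main__":
    print("get(0), no check  :", zero_timestamp_result(False))
    print("get(0), with check:", zero_timestamp_result(True))
    print("slots, size 8184  :", slots_used(COMPOSITE_SIZE, 12, 10_000))
    print("slots, size 8191  :", slots_used(PRIME_SIZE, 12, 10_000))
    print("window 12 s blocks:", history_window(PRIME_SIZE, 12, 9_000))
    print("window 1 s blocks :", history_window(PRIME_SIZE, 1, 9_000))
```

With 12-second blocks the prime-sized buffer keeps 8191 roots spanning about 27 hours, while a size that is a multiple of the interval reuses a fraction of its slots; with a shorter interval the same 8191 roots cover a much shorter time span.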
—
The Ethereum Foundation (EF) is a non-profit organization dedicated to supporting Ethereum and related technologies.
ChainSecurity provided a high quality review and was extremely responsive to the idiosyncrasies of the Ethereum protocol development processes. The team's work helped validate that EIP-4788 was safe for mainnet deployment.
Tim Beiko, Ethereum Foundation
Bancor implements an AMM exchange protocol with flash loan functionality. The reviewed Bancor v3 tries to mitigate any impairment loss for liquidity providers instantly and has an “Omnipool” for BNT liquidity providers that is used to trade against all other tokens. All tokens can be provided single-sided. In contrast to the previous version, it also has no liquidity caps in the pools.
The most critical subjects covered in our audit were security and functional correctness issues. Most severe is an Oracle Manipulation. All raised issues have been fixed accordingly or were acknowledged by Bancor. The review of any economic principles or business logic is excluded in our technical reviews.
In summary, we find that the codebase provides a good level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. Especially for a project of this size, they complement but don’t replace other vital measures to secure a project.
“Bancor is a decentralized network of on-chain automated market makers (AMMs) supporting instant, low-cost trading, as well as Single-Sided Liquidity Provision and Liquidity Protection for any listed token.”
ChainSecurity’s dedication, level of professionalism and technical capability during the audit of Bancor v3 were as impressive as it can get. They are definitely one of the obvious partners for current and future versions.
Yudi Levi (Bancor Chief Architect)
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control. The general subjects covered are fee handling, event handling, gas efficiency, and upgradeability. Several Possible Gas Optimizations exist that would increase gas efficiency. Furthermore, the implementation of EIP-4626 can be improved: EIP-4626 Non-Compliance. All other mentioned subjects show a high level of security.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Circle implements Perimeter, which can be used as on-chain infrastructure to facilitate the operations of loans that are secured off-chain. This includes custody and transfer of lender’s funds, interest payments, and fee handling.
—
“Circle is a global financial technology company helping money move at internet speed. Our mission is to raise global economic prosperity through the frictionless exchange of value.”
“USDC is a faster, safer, and more efficient way to send, spend, and exchange money around the globe. USDC powers apps to provide anytime access to payments and financial services.”
The most critical subjects covered in our audit are asset solvency, functional correctness, front-running, and accurate fund valuation. No major issues were uncovered.
The general subjects covered are code complexity, upgradeability, unit testing, and documentation. The security of all aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Avantgarde Finance implements changes and extensions on the Sulu system. In particular, the changes consist of refactoring and bug fixes of the Aura/Convex staking adapter, a new policy that prevents redemption in specific assets when some assets are depegged, the introduction of the ArrakisV2 adapter, the extension of the deposit wrapper so that users can exchange an arbitrary asset to the denomination asset of the fund of which they want to buy shares, the AaveV3 CDP external position and the Lido stETH withdrawal.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
The subjects covered by our review are detailed in the Review Overview section.
We found that the O(1) selector table is a good optimization and provides substantial gas savings, especially for large contracts. As pointed out by Incorrect dense selector when one bucket is empty, this new feature brings some edge cases that are hard to cover with tests, even when using fuzzing. We recommend that testing be performed with special care for this part of the compiler.
As described in Arguments buffer size too large when calling ecmul and ecrecover can return undefined data in some edge case, issues were found in the fixes of the recent security advisory. These issues were promptly fixed and we can confidently assert that the security advisories that were initially in scope for this review have been resolved.
The large number of issues found in the builtin functions shows that special attention should be given to this part of the compiler and more testing should be done on that side.
Finally, although Vyper v0.3.10 fixes a substantial number of issues and improves the compiler greatly, the large number of high-severity issues discovered during this assessment along with the limited scope of this review make further assessments necessary.
The review was executed by one engineer over two weeks. It’s important to note that, due to the extensive scope and codebase, our time-limited review does not capture the full depth of a comprehensive security analysis.
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Our audit’s most critical focus areas include verifying the proper behavior, security, and financial stability of the protocol. A significant portion of our review concentrates on ensuring the accuracy of adapters when interacting with external systems. We also examined the newly added price feeds.
Security regarding all the aforementioned subjects is high.
We also examined the code’s correctness with respect to the available specification and the consistency of the implementation.
In summary, we find that the codebase of the protocol provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Gearbox Protocol has implemented version 2.1, an improved iteration of the existing v2 protocol. Based on lessons learned since the launch of v2, numerous enhancements and fixes have been incorporated to strengthen security, such as minimizing the attack surface. Access has been further restricted, with direct interaction with adapters no longer permitted. All interactions must now go through the CreditFacade. Additionally, new adapters have been introduced to enable credit accounts to interact with Balancer, Compound, and Aave V2, along with the addition of three new price feeds.
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
During this assessment, we did not uncover any severe issues and in summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Yearn implements a program allowing Yearn contributors to buy YFI at a discount each month. The discount is subject to the duration of their veYFI lock, and the purchased YFI are immediately locked into veYFI according to the contributor’s current lock.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
We did not uncover any severe issues.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Yearn implements a router contract to migrate, deposit and withdraw from various vaults. Additionally, it simplifies some of the user actions like wrapping ether and providing the possibility to perform multi-calls.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
During this assessment, we did not uncover any severe issues and in summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Yearn implements a program allowing Yearn contributors to buy YFI at a discount each month. The discount is subject to the duration of their veYFI lock, and the purchased YFI are immediately locked into veYFI according to the contributor’s current lock.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
The most critical subjects covered in our audit are asset solvency, functional correctness and signature handling. Asset solvency and Signature handling are good. Functional correctness is high.
The general subjects covered are specification, front-running and integration with 3rd party systems. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
HOPRNet implements a module for the Safe multisignature contract that allows management and separation of the different keys that are needed for HOPR network functionality. Scope includes the updated HoprChannels that can use such Safes and a factory to deploy and configure them.
The most critical subjects covered in our audit are the correctness of the accounting, asset solvency, access control and functional correctness. During the audit, the most important reported issues were:
– Replacing a Validator Eventually Blocks the System
– Usage of address(this).balance in restake Can Block the System, which requires Everstake to inject liquidity to correct the accounting if necessary.
The issues have been fixed during the second week of the audit.
Security regarding all the aforementioned subjects is satisfactory. Even though the probability of one of the validators getting slashed is low, slashing could occur. That would require manual, trust-based intervention, see Slashing is not taken into account and Trust Model.
The general subjects covered are documentation, unit testing, code complexity, and gas efficiency. Documentation has been greatly improved during the last iteration. Unit testing and testing in general is basic, a good test suite will help ensure corner cases are considered.
In summary, we find that the codebase provides a satisfactory level of security, given the Trust Model.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Everstake implements a pooled staking service for Ethereum, where the rewards are reinvested in the pool and the validators are managed by Everstake.
—
“Everstake is a responsible validator trusted by 625k+ users across 70+ blockchain networks. Created by engineers for the entire community in 2018”
We wish to express our heartfelt gratitude for the remarkable collaboration and interaction we have experienced with ChainSecurity in the context of the Everstake ETH B2C Staking solution audit. The ChainSecurity team has consistently demonstrated an extraordinary level of expertise and professionalism, elevating every interaction with them to a level of genuine enjoyment and unparalleled productivity.
Bohdan Opryshko & Sergey Vasylchuk, COO & CEO @ Everstake
The most critical subjects covered in our audit are functional correctness, access control and standard compliance. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity and quality of specification documentation. Fire Group Ltd. did not provide any specifications, test cases, git commits or the framework setup.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Fire Group Ltd. implements an ERC-20 and ERC-1404 compliant FireToken, which is governed by the owner and features restricted token transfers.
—
“Fixed Income Real Estate (FIRE) is an equity token allowing its holders to participate in real estate & hospitality development projects and receive a fixed monthly return for a period and benefits at the properties and fundamental assets.”
The most critical subjects covered in our audit are the functional correctness of the contracts, their configuration, and the interaction with the rest of the Gearbox system. Only minor issues were uncovered which have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, documentation and specification, gas efficiency, and the complexity of the implementation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Gearbox implements the governance module for Gearbox V3.
—
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
The most critical subjects covered in our audit are functional correctness, access control, and non-custodiality. Functional correctness and access control are good. Non-custodiality is good. However, due to several issues arising from administrator powers, see Execution data is not validated and Execution reentrancy may be possible, and the proxy action contracts being out-of-scope, there may be unforeseeable consequences for non-custodiality.
The general subjects covered are upgradeability, unit testing, documentation and error handling.
In summary, we find that the codebase provides a good level of security. However, there may be unforeseeable consequences given the reasons above. In case the administrators are trusted, the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Summer.fi implements the second version of the automation bot which opens the system to protocols other than Maker and introduces new kinds of triggers and grouped validation mechanics.
—
“Summer.fi mission is to provide the best and most trusted entry point to deploy your capital. We are building Summer.fi to let our users benefit from all of the potential in DeFi. Our team is made of passionate thinkers and builders.”
The most critical subjects covered in our audit are functional correctness, access control and integrations with external systems. Functional correctness is high. One issue concerning Access control has been resolved after the intermediate report. Security regarding integration with external systems is high.
The general subjects covered are gas efficiency, documentation and testing. Gas efficiency is good and is a significant improvement over the previous version. The documentation provided is satisfactory. The available tests covering v2 are very basic; we strongly recommend improving the test coverage.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Summer.fi implements an updated and more gas-efficient version of modular proxy actions. The system allows multiple actions to be executed from a UserProxy in a single call.
—
“Summer.fi mission is to provide the best and most trusted entry point to deploy your capital. We are building Summer.fi to let our users benefit from all of the potential in DeFi. Our team is made of passionate thinkers and builders.”
We continue to be grateful for the comprehensive audits by the ChainSecurity team. Their distinctive understanding of the DeFi space brings an unmatched level of confidence to the audits they employ for us. We are looking forward to continuing working together to bring DeFi forward.
Frank Brinkkemper Product Manager @ Summer.fi
The most critical subjects covered in our audit are the bridging mechanism, the interactions with the external protocols, components such as oracles, and the accounting of the system. A critical issue was uncovered, regarding price manipulation by an attacker as well as some high-severity issues. A second critical issue was found in the second iteration which allowed a user to mint more shares than expected by the system. All issues have been addressed.
The general subjects covered are the functional correctness and the liveness of the system, the code complexity, the access control, the documentation, testing, and the gas efficiency. The functional correctness is high. Regarding liveness, we have detected many possible ways in which the system can become blocked. A relevant issue has been acknowledged by the development team. However, funds of the protocol are not at risk as the admins are in full control of them. The complexity of the bridging mechanism is high. Documentation and testing were limited, especially at the beginning of the review. As the system exchanges messages with other chains, interacting with it could be gas-consuming, and the gas efficiency is overall improvable. The security, as far as access control is concerned, is high.
In summary, we find that the security of the system is satisfactory but there is room for improvement.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
yldr.com implements a cross-chain yield aggregation system. Users can deposit assets on a master vault on the Ethereum network and then aggregate yield from different protocols in different chains.
ChainSecurity team exceeded our expectations! It's been a pleasure working with a team full of professionals. They didn't just look through the code but fully dive into the product. It felt like we'd been working together for years. I guess we've found a solid and reliable partner to have our contracts audited in the future.
Ivan Roptanov, Product Manager @yldr.com
The most critical subjects covered in our audit are functional correctness and frontrunning. Functional correctness is high and frontrunning is only possible to a small extent determined by the want factor.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
MakerDAO implements a new Flapper contract for the Maker Core contract Vow that is used to convert DAI surplus. In comparison to the other FlapperUniV2 contract, the DAI are only swapped on a Uniswap v2 pair and the proceeds are sent to a predefined receiver address instead of being deposited into the pair as liquidity.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
The most critical subjects covered in our audit are functional correctness and the correct adherence to the MakerDAO specifications. We have high confidence on both subjects although a certain base variable is omitted where no official specification indicates that it is not in use.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
MakerDAO implements a new interest rate strategy for the Aave v3 fork Spark Lend that sets the interest rate for the Spark Lend DAI market to the base DAI savings rate. In comparison to the old version, the contract retrieves the base rate from the “ETH-C” ilk (collateral type) of the Maker contract Jug instead of the DSR rate from the Maker contract Pot.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Limited code reviews are best-effort checks and don’t provide assurance comparable to a non-limited code review. This review was not conducted as an exhaustive search for bugs, but rather as a best-effort sanity check for files of interest. The review was executed by one engineer over a period of two weeks supported by a second engineer for four days. Given the large scope and codebase and the limited time, the findings aren’t exhaustive.
Vyper implements a compiler of Vyper language into EVM bytecode.
The most critical subjects covered in our review are the functional correctness of arithmetic operations and the soundness of performed optimizations. Security regarding functional correctness of arithmetic operations is improvable due to discovered bugs where IR nodes introduced by safemath can themselves overflow.
We did not uncover any issues regarding the soundness of performed optimizations. However, we would like to note that the current optimizations are applicable only in a very limited number of cases. Extending the cases in which they can be applied might lead to potential problems and bugs. In addition, since optimizations are performed after safemath, extending optimizations to datatypes smaller than 256 bits should be done carefully. Some of the currently performed optimizations might lead to an overflow of smaller datatypes if not properly adjusted.
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
The most critical subjects covered in our audit are asset solvency, functional correctness, front-running, and accurate fund valuation. However, front-running protection and accurate fund valuation are improvable due to inaccuracies, see Pricing ERC4626 and Unclaimed Staking Rewards Are Not Valued. Similarly, delayed fund valuation may be problematic, see Slashing Can Be Avoided.
The general subjects covered are code complexity, upgradeability, unit testing, and documentation. In summary, we find that the codebase provides a good but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Avantgarde Finance implements external positions for staking with Kiln (upgrade of old external position) and an integration with ERC-4626 tokenized vaults. Additionally, some changes to the existing code base have been performed.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
The most critical subjects covered in our audit are access control, functional correctness and the integrations into the existing DSS system. After the intermediate report all uncovered issues have been resolved.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
RwaMultiSwapOutputConduit allows privileged users to convert DAI held by the smart contract into other stablecoins and transfer them to off-chain funds, using one of the Peg Stability Modules (PSM). Configurations need resetting after each use for security.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
The most critical subjects covered in our audit are asset solvency, functional correctness and front-running resilience. Functional correctness has improved to a good level after the deficit calculation has been fixed in the underlying Carbon contracts, fixing a Wrong distribution of unpaid fees in repay(). Certain configurations and behaviors by the manager of a vault can enable a Sandwich attack on updateState which allows an attacker to extract value out of the protocol. It is therefore essential that managers disable withdrawals and/or deposits in Live state as soon as such attack vectors open up.
The general subjects covered are complexity, deployment, testing and documentation. We believe that all the other aforementioned areas offer a high level of security. The documentation is comprehensive and unit testing is extensive. However, we need to emphasize that the complexity of the codebase is high and the system can be in many different states which might require different handling, and thus our confidence in that regard is limited.
In summary, we find that the codebase provides a good level of security. Since the project is deeply intertwined with another TrueFi project, we would also like to refer to the note Relevant concerns of TrueFi Carbon smart contract audit report which details concerns that are also relevant for this project.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
TrueFi implements an uncollateralized loan platform. Whitelisted users can create their own portfolios and have full control over them. Users can be lenders by buying shares of tranches which implement different investment strategies.
—
“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”
Chainsecurity did an absolutely amazing job working with us. The team is very knowledgeable, solid, and professional in every way. They definitely rank among the leaders of the space.
Justyna Broniszewska, Head of Engineering
The most critical subjects covered in our audit are the valuation of the portfolios and their tranches, the fee and interest calculations, the interactions of the lenders and the borrowers with the system and the access control. For the tranche valuation, we uncovered a Waterfall miscalculation issue. Under certain circumstances, the value of riskier tranches could be absorbed by higher tranches. The issue was addressed in the second iteration of the report. Attack vectors initiated by the portfolio managers were considered out of scope. In the current version, all the uncovered issues have been either addressed or acknowledged.
The general subjects covered are complexity, deployment, testing and documentation. We believe that all the other aforementioned areas offer a high level of security. The documentation is comprehensive and unit testing is extensive. However, we need to emphasize that the complexity of the codebase is really high and the system can be in many different states which might require different handling, and thus our confidence in that regard is limited.
Moreover, we would like to emphasize that portfolio managers are highly trusted and can introduce security risks to the protocol. The security of Carbon instances therefore ultimately depends on external factors.
In summary, we find that the codebase with the latest version greatly improved on the initial version. An iterative audit of many iterations adds risk as reviews of multiple small changes can introduce novel interactions with existing code which are easy to miss. Overall, we find that the codebase in its current state provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
TrueFi implements an uncollateralized loan platform. Whitelisted users can create their own portfolios and have full control over them. Users can be lenders by buying shares of tranches which implement different investment strategies.
“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”
Chainsecurity did an absolutely amazing job working with us. The team is very knowledgeable, solid, and professional in every way. They definitely rank among the leaders of the space.
Justyna Broniszewska, Head of Engineering
The most critical subjects covered in our review are functional correctness, integration of the signature scheme, and access control. All uncovered issues have been either fixed or acknowledged. Notable findings included: .. [Security regarding all the aforementioned subjects is high.]
The general subjects covered are code complexity, integration by external systems and the quality of the specification / documentation. The correctness of the signature scheme itself was not in scope of this review.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Chronicle implements Scribe, a Schnorr multi-signature based price oracle. An optimistic extension allows price updates where the signature is only evaluated on-chain if challenged. Reading the pricefeed on-chain is restricted to whitelisted addresses only.
Chronicle: “Verifiable date for a decentralized future – Powering MakerDAO. Scalable | Cost-Efficient | Accessible | Transparent | Oracles – https://chroniclelabs.org/”
The most critical subjects covered in our audit are functional correctness, access control, trustworthiness and reentrancies. Several issues regarding these topics have been remedied. Access control is handled correctly throughout. Potential reentrancy vulnerabilities have been addressed. The risk of an implementation contract SELFDESTRUCT was addressed. Several risk-free issues have been acknowledged and are by design, see Systemic bias towards accepting proposals, Proposal can be updated just before voting starts, Same proposal status for queued, executed or vetoed proposals.
The general subjects covered are upgradeability, gas efficiency and documentation. Security regarding these subjects is high. Some steps were taken to improve gas efficiency, which overall is decent. The level of documentation is satisfactory, however, some peculiarities highlighted in the Notes section could be more explicitly documented.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
Snapshot implements a configurable voting protocol for systems with decentralized governance. It allows users to create proposals which can then be voted on and potentially executed. There are a variety of contracts which allow the system to choose which users can vote, which can create proposals, how the votes are counted, and how the proposals are executed.
"Snapshot is a voting platform that allows DAOs, DeFi protocols, or NFT communities to vote easily and without gas fees. The tool allows high customization of the voting process to cater to the diverse needs of the users and organizations."
The most critical subjects covered in our audit are asset solvency, functional correctness, and precision of arithmetic operations. Security regarding all the aforementioned subjects is good.
The general subjects covered are integration with external systems, signature handling and sanity checks. Security regarding signature handling and sanity checks is high. The pool is integrated with the Balancer V2 infrastructure, which is an out-of-scope system. The issue Reentrancy via Vault was fixed, however other not yet discovered issues may remain since the Balancer V2 infrastructure is not covered by this audit. Thus, security regarding external systems integration is improvable.
In summary, we find that the codebase provides a good level of security regarding the most critical subjects, assuming that the Balancer V2 infrastructure does not contain any severe issues.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Swaap implements a Safeguard Pool, utilizing the Balancer V2 infrastructure. It is an AMM pool with restrictions on certain swap transactions, in accordance with predefined parameters, known as safeguards. To perform a swap, a valid quote from a privileged signer must be provided. This quote encapsulates the swap price and associated penalties.
“Swaap is an innovative market-making protocol specializing in blue-chip crypto assets. Through pioneering models developed in collaboration with leading institutions, Swaap is revolutionizing DeFi market-making by providing liquidity providers with effortless and superior market-making strategies.”
We have been amazed by the quality of the audit performed by Chainsecurity, as they not only assessed the code but also addressed the core maths logics. This has enabled us to provide a more robust system to our users.
David Bouba, Co-founder at Swaap Labs
The most critical subjects covered in our review are asset solvency, functional correctness, access control and front-running. The security regarding functional correctness and front-running still has some potential to improve, see Implementation Mismatch With ERC-4626 and Possible to Frontrun the First Deposit in Pool. The security regarding other subjects is good.
Although we did not identify critical or highly severe issues during this review, we highlight that sandwiching attacks are important for the system as the curve’s shape changes when Pool parameters get updated by privileged accounts, or when rates of underlying assets change significantly. Possible sandwiching attacks are described in section Notes.
Given the complexity of the system, we highly recommend significantly extending the test suite and only applying changes to the system after rigorous testing.
In summary, we currently find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Yearn implements a modified StableSwap pool for liquid staking derivatives and a staking vault. The pool token is yETH and can be staked into the Staking contract to earn rewards.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
The most critical subjects covered in our audit are overflow checks, the precision of arithmetic operations, and functional correctness. Some issues regarding overflows and precision losses were identified and subsequently fixed. Security regarding these subjects is high.
The general subjects covered are gas efficiency, access control, and trustworthiness. Security regarding all the aforementioned subjects is high. The efficiency of the current price calculation has been significantly improved.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Curve implements an updated and optimized version of the existing Curve Tricrypto Pool. It is an automatic market maker which allows exchanging of three tokens that do not need to be equivalent in value. The pools are rebalanced continuously around a moving average of the AMM state prices.
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
We appreciate ChainSecurity for their very deep and thoughtful analysis
Michael Egorov, CEO @ Curve Finance
No critical issues were uncovered in the intermediate audit. In summary, we find that the current intermediate codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Yearn implements a liquid wrapper for Balancer’s voting tokens (veBAL) and an ecosystem allowing users to invest the funds to earn a yield on their deposits. A Zapper contract provides a convenient entry point for users to invest their funds. The new liquid wrapper token yBAL can always be minted by providing BAL or WETH tokens. Holding yBAL, users can decide between the associated investment strategies and earn from LP rewards or staking rewards.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
The subjects covered by our review are detailed in the Review Overview section.
We did not find any issues in the fixes of the security advisories that were in the scope of this review and can confidently assert that the security advisories have been resolved.
The elimination of the Function Signature class enhances the code’s readability and consistency, according to our findings. This removal, enabled by the previous pull request that refactored the type system and the code generation, is one of the last steps in merging the type systems of the semantic analysis and the code generation.
The Journal and its commit/rollback scheme not only fix the issue with incorrect type checking of loop variables but also allow future metadata to be added to the compiler easily. Although one issue was found in its implementation, as highlighted by Metadata Journal can rollback incorrectly, this new primitive is a great addition to the compiler as it also fixes a performance issue by caching the list of potential types for nodes.
Special attention should be applied to testing complex expressions with function calls as sub-expressions. As highlighted in various issues such as Multiple evaluations of DST lead to non-unique symbol errors when copying Bytes arrays or DynArrays or Make_setter is incorrect for complex types when the RHS references the LHS with a function call, such complex expressions might be edge cases in the compiler logic and should be part of the testing suite.
Additionally, the large number of issues related to the new IfExp AST node shows how important it is for the compiler to validate the semantics of expressions more generically: currently, some functions must handle several AST nodes in distinct ways because the general logic cannot handle them.
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
MakerDAO implemented a new flapper contract. Rather than auctioning off the surplus DAI, it is now exchanged and added to a UniswapV2 pool.
The most critical subjects covered in our audit are functional correctness of the changed code and the impact of the change on the existing system.
It’s worth noting that, by design, this new flapper spends up to 2.2 times the amount of DAI the Vow expects it to spend. For more details please refer to the informational issue.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
MakerDAO implemented a new flapper contract. Rather than auctioning off the surplus DAI, it is now exchanged and added to a UniswapV2 pool.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”