Summary
KyberSwap Elastic is an automated market maker (AMM) implementation, that allows liquidity providers to concentrate the liquidity in a certain price range.
The most critical audit subjects are functional correctness, external dependency integration and protection against adversarial agents. We found some deviations from the functional correctness which were reported. Regarding external dependency integration, we found minor mismatch from standard. Lastly, bugs that limited the AntiSniping (aka JIT liquidity provision) protection were reported.
The general audit subjects covered include trustworthiness, documentation, and gas efficiency. Regarding trustworthiness, while pools are not upgradable, there are certain system parameters like whitelisted position managers that can be set only by privileged ConfigMaster role holder. We found certain parts of the documentation that could be improved so that other projects can better integrate with the Kyber Network protocol. Lastly, minor possible improvements to gas efficiency were reported.
In summary, we find that the codebase at last version commit in Scope provides provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. Since the protocol logic is quite sophisticated, techniques such as property based testing and formal verification can bring valuable additional assurance. They complement but don’t replace other vital measures to secure a project.
About KyberSwap Elastic
“Kyber Network is an on-chain liquidity protocol that aggregates liquidity from diverse sources for the best prices, enabling decentralized token swaps to be integrated into any application. Using this protocol, developers can build innovative payment flows and applications, including instant token swap services, decentralized payments, and financial DApps — helping to build a world where any token is usable anywhere.
Kyber is the most used and integrated protocol in decentralized finance (DeFi), with over US$1 billion worth of transactions facilitated since its inception. Kyber supports over 80 different tokens, and powers over 100 integrated projects including popular wallets Trust, Enjin, Argent, Eidoo, and the HTC Exodus smartphone, as well as DeFi platforms Nuo, DeFiSaver, InstaDApp, Set Protocol, Melon, and many others.”
(Source: Kyber Network media kit, April 2021)
With their thorough and high quality audits, ChainSecurity has been one of Kyber Network’s primary auditors for years now. We look forward to continuing our partnership with them for many more years to come as we keep growing the frontiers of blockchain.
Loi Luu, CEO of Kyber Network
Summary
The most critical subjects covered in our audit are functional correctness, access control, and integration with external protocols. One high-severity issue was found in GatedRedemptionQueueSharesWrapper, where a user can purposefully front-run a depositFromQueue call and make another user who made a deposit request lose their funds. All the issues have been addressed. The general subjects covered are code complexity, upgradeability, and documentation. Security regarding all the aforementioned subjects is high. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions X
Avantgarde Finance extended the functionality of the ParaSwapV5 adapter to add support for MegaSwap and SimpleSwap and changed how the errors are caught. Moreover, the functionality of the GatedRedemptionQueueSharesWrapper was extended to allow vault owners to force the transfer of shares from one account to another and to enable a “Request” DepositMode. Finally, two new adapters were introduced for ZeroExV4 and 1inch swaps.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
.png)
Summary
Savings DAI implements a tokenized EIP 4626 compliant wrapper for DAI Savings Rate. This latest iteration of the code adds a referral feature.
The most critical subjects covered in our audit are functional correctness, security of the assets and adherence to the EIP standards. General subjects covered are optimizations and usability.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Oasis Savings DAI
Savings DAI implements a tokenized EIP 4626 compliant wrapper for DAI Savings Rate. This latest iteration of the code adds a referral feature.
Chain Security's team showed a high level of professionalism in the essential/engineering area and communication. They were helpful and open for dialogue while providing expertise and recommendations. Oasis.app must be a product our users can trust. We look forward to continuing our work with Chain Security to assure this trust.
Lukasz Baksik, Head of Operations at Oazo Apps Ltd. (oasis.app)
Summary
The most critical subjects covered in our audit are security and functional correctness. During the review, no critical or high severity issues were uncovered. The report highlights a medium and a few low severity issues, one of which highlights a significant inaccuracy in the documentation. After the intermediate report, all issues have been addressed.
The general subjects covered are adherence to the implemented standards, code complexity and gas efficiency.
In summary, we find that the codebase provides a good level of security. We have to emphasize that the project reviewed is a template only, not an actual implementation of a strategy.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn Tokenized Strategy
Tokenized Strategy offers a framework for developers to easily create ERC-4626 compliant tokenized strategies by implementing only the strategy-specific logic, as it provides the core accounting functionality.
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
The most critical subjects covered in our audit are security, functional correctness and the proper accounting of the assets and shares. During the review, no critical or highly severe issues were uncovered. Two medium severity correctness issues have been found which have been resolved after the intermediate report.
The general subjects covered are adherence to the implemented standards, code complexity and gas efficiency. In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn V3 Vaults
Yearn implements VaultsV3, an unopinionated ERC-4626 compliant system designed to distribute depositor funds into various strategies and manage accounting robustly. Depositors receive ERC-20 compliant shares that can be redeemed at any time.
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
.png){kind=spacer}
.svg)
Summary
The most critical subjects covered in our review are signature handling, event handling, access control and functional correctness. Security regarding all the aforementioned subjects is high.
The general subjects covered are trustworthiness, upgradeability, gas efficiency and documentation. The contracts in the scope of this review are not upgradeable, however, several accounts are required to be trusted, see Roles and Trust Model. Also, we have highlighted accounts of high importance in Potential single points of failure. The project has extensive documentation and inline code specification.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Circle – Cross Chain Transfer Protocol (CCTP)
Circle implements a Cross-Chain Transfer Protocol (CCTP), allowing bridging native tokens from a source chain to a destination chain. The CCTP relies on an off-chain attestation service to sign transfer messages, which is currently operated by Circle.
“Circle is a global financial technology company helping money move at internet speed. Our mission is to raise global economic prosperity through the frictionless exchange of value.”
“USDC is a faster, safer, and more efficient way to send, spend, and exchange money around the globe. USDC powers apps to provide anytime access to payments and financial services.”
Summary
During the review, no critical or highly severe issues were uncovered.
The most critical subjects covered in our audit are functional correctness, access control and signature malleability. The security regarding all the aforementioned subjects is high.
The general subjects covered are gas efficiency, code complexity, testing, and specification quality. Note that in the third version tests were added. The quantity and quality of tests, however, see Lack Of Testing, and gas efficiency can still be further improved.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About USDFI: AMM, Gauges and Bribes Smart Contracts
USDFI implements an ecosystem, which supports exchanges, including both constant (as in Uniswap V2) and stable swap. To incentivise liquidity providers to get engaged in the system, a bribing system as well as gauges are implemented to allow staking of LP tokens.
The unparalleled technical expertise, ethics, and professionalism demonstrated by Chainsecurity in their operations, execution and delivery is a testament to their exceptional leadership within the industry. It is with great pride that we recognize them as the most trusted partner for the USDFI protocol.
Dr. Michael Martin, USDFI
Summary
The most critical subjects covered in our audit are the functional correctness of the bridging mechanism, security of the locked assets and the validation of withdrawals on the RootChain. Security regarding all the aforementioned subjects is high.
The general subjects covered are documentation, efficiency and adherence to the implemented standards. Security regarding all the aforementioned subjects is high. The codebase however could be more consistent: Multiple similar contracts exist where the implementation of the same functionality differs slightly.
This review covered a system already deployed. The actual contracts deployed do not exactly correspond to the version audited, although the changes are mostly of cosmetic nature only. The compiler version + dependencies used are outdated, however no known bug affects the live contracts.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Polygon PoS Portal Smart Contracts
Polygon PoS Portal is a bridge for assets between the RootChain (Ethereum) and the ChildChain (Polygon). Additionally a gas-swapper contract which helps users to aquire MATIC while bridging tokens to Polygon was reviewed.
“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”
ChainSecurity holds a special place in my heart, only positive experiences with them and they always go above and beyond. During one of our audits, they actually found a bug in an OpenZeppelin contract we were using, 99% of auditors wouldn't bother looking there.
Gretzke.eth, Software Engineering Lead @ Polygon
Summary
As has been communicated by the Bancor team at the start of the audit, a precision error could lead to some losses for customers due to unexpected pricing: Price Precision Very Low for Some Tokens. This issue has been mitigated by an encoding format that increases the amount of bits that can effectively be used.
The most critical subjects covered in our audit are functional correctness, precision of arithmetic operations and front-running. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Bancor Carbon
Bancor implements an AMM with asymmetric liquidity on which each user’s liquidity position is represented by two independent curves for buying and selling a token respectively. Trades can be matched against these positions using Bancor’s decentralized SDK, or in whichever manner the user desires.
ChainSecurity’s dedication, level of professionalism and technical capability during the audit of Bancor v3 were as impressive as it can get. They are definitely one of the obvious partners for current and future versions.
Yudi Levi (Bancor Chief Architect)
Summary
The most critical subjects covered in our audit are functional correctness, access control and precision of arithmetic operations. Security regarding all is generally good. Security regarding functional correctness is good as long as drying out the Aave pool on purpose, see Provoking an Aave Liquidity Crisis, is unprofitable based on the borrow and supply caps, and the flashloan fees.
The general subjects covered are code complexity, error handling, specification and gas inefficiency. Security regarding all the aforementioned subjects is good. However, documentation could be more explicit for makers since the provided arguments on creation should be meaningful but are not checked by code.
All the issues uncovered during the review have been either fixed or acknowledged. In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove Kandel Strats Smart Contracts
Mangrove Association (ADDMA) implements a “buy low, sell high” market making strategy leveraging the Mangrove core system, while optimizing the capital efficiency by supplying the idle funds on AaveV3.
—
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
ChainSecurity has proved its ability to independently understand, thoroughly analyze, and help secure novel and complex smart contracts in a surprisingly short amount of time. We could not ask for a better auditing partner.
Adrien Husson, smart contract lead @ Mangrove
.svg)
Summary
The most critical subjects covered in our audit are asset solvency, access control, functional correctness and oracle robustness. Security regarding all is high.
The general subjects covered are gas efficiency, documentation, unit testing and trustworthiness. Security regarding all is high. However, some can be improved (e.g. gas efficiency).
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Silo Finance – Curve & Convex Feature
Silo Finance implements a Curve LP price feed for StableSwap and Crypto pools, a price feed using Curve’s pool prices, and a forwarding price feed that maps assets to another asset. Further, Silo Finance provides an ERC-20 wrapper for Convex staking positions. Last, Silo Finance created a new implementation for the Silo router so that it supports wrapping and unwrapping the wrapped tokens.
.png)
Summary
The most critical subjects covered in our audit are functional correctness, asset solvency and signature handling. Security regarding Functional correctness and asset solvency is good. Signature handling is improvable, see Problems Related to Consent and ConsentVerification.
The general subjects covered are event handling and gas efficiency. Gas efficiency is improvable, see Gas Optimisation. Event handling can be improved as well, see Pausing and Unpausing Emit Misleading Events.
In summary, we find that the codebase provides an improvable level of security.
Many of the issues we identified during our assessment, which you have acknowledged without taking action, have the potential to cause human errors and other negative impacts. It is important to address these issues promptly to ensure the overall safety and reliability of your system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Blockswap – State Replication Gateway (SRG)
Blockswap implements State Replication Gateway – a cross chain state portability system, that allows the extension of a smart contract states between EVM-compatible chains.
—-
“Blockswap Labs is a research and development firm making blockchain technology accessible to mainstream users. As core contributors to Blockswap Network and Proof of Neutrality Network, Blockswap Labs are building a permissionless middle layer and catalyzing web3 development through credibly neutral public benefit infrastructure solutions.”
Summary
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
The subjects covered by our review are detailed in the Assessment Overview section. Pull request #3182 implements a large scale refactoring. It is followed by a general review of the code generation phase of the compiler.
We find that merging the front-end and back-end type systems benefits the code in terms of readability and consistence. Some aspects of the integration of the front-end type system in the code generation are improvable, and introduced bugs, such as StringT not handled in HashMap access.
Other issues have been identified with memory safety, as highlighted by Out of bound memory accesses with DynArray and skip_contract_check skips return data existence check. Special attention should be applied to testing rarely executed codepaths, such as the use of keyword arguments for internal functions, which revealed a long standing bug: Default arguments evaluated incorrectly for internal calls
We recommend being careful with the order of evaluation of expressions. As shown in the case of DynArrays, an incorrect evaluation order can lead to bypassing vital safety checks. Regular code reviews can help mitigate the introduction of such issues in the codebase.
About LIMITED REVIEW – Vyper Compiler Back
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Summary
This latest iteration of the review focussed on the change that fees collected now remain in the Mangrove contract instead of being forwarded to a vault contract.
The most critical subjects covered in our audit are functional correctness, access control, precision of arithmetic operations, front-running and signature handling. Security regarding most of the aforementioned subjects is high. Security of signature handling is basic due to possible ECDSA malleability, see ECDSA Signature Malleability. Security of front-running is good but keepers could lose funds to rogue makers unexpectedly due to unawareness of the exact functionality of sniping, see No Protection for Keepers.
The general subjects covered are unit testing, documentation, specification, gas efficiency and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove Smart Contract
Mangrove Association (ADDMA) implements an offer book exchange supporting markets between two assets. Makers create and takers consume offers which are promises of makers to provide the offered token at a certain price. To ensure the executability of offers, makers must deposit ether for gas reimbursements on failure.
—
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
ChainSecurity has proved its ability to independently understand, thoroughly analyze, and help secure novel and complex smart contracts in a surprisingly short amount of time. We could not ask for a better auditing partner.
Adrien Husson, smart contract lead @ Mangrove
Summary
The MakerDAO zkSync-DAI Bridge is not yet deployed.
The most critical subjects covered in our audit are the functional correctness of the DAI bridging mechanism, the L2-DAI ERC-20 contract and the relay of governance spells, protection against censorship, and upgradeability.
Security regarding all other aforementioned subjects is high. However, users should be aware of the trust model, see Trust Model & Roles.
The general subjects covered are upgradeability, error handling, trustworthiness, documentation, and testing. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO zkSync
MakerDAO implements a layer 2 DAI contract for zkSync 2.0, a ZK-rollup for Ethereum, along with DAI bridging contracts. That also includes contracts for sending governance spells from layer 1 to layer.
It must be noted that the bridge is not yet deployed.
The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance. Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are rewards accumulation, the minting and redeeming of Gauge tokens, the calculation of the YFI discounted price and, the precision of the calculations and the access control. The security of all aforementioned subjects is high as only low to medium severity issues were uncovered. All the issues have been resolved in the second iteration of the codebase.
The general subjects covered are upgradeability, documentation, testing. The documentation provided to us was limited. The security regarding the rest of subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn – oYfi
Yearn implements an incentive mechanism for users to hold the yvTokens. In particular, users can stake these tokens and mint Gauge tokens (ygTokens). With these tokens users can claim Option-Yfi (oYFI) which allows them to buy YFI tokens on discount.
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
The most critical subjects covered in our audit are access control, security of the funds and ERC4626 compliance. Only minor issues were uncovered. All the issues are addressed in the second iteration of the codebase. The security of all aforementioned subjects is high.
The general subjects covered are code complexity, gas efficiency, documentation and testing. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Archblock TrueFi – Controllers for TrueFi Carbon
Archblock implements some modified controllers to be used with the TrueFi Carbon protocol.
“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”
Summary
The most critical subjects covered in our audit are asset solvency, access control and functional correctness. Security regarding all the aforementioned subjects is high. The general subjects covered are upgradeability and gas efficiency. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security. This assessment did not uncover any issues that need immediate fixing. However, you might consider addressing the informational findings.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About TrueFi – Archblock – Portfolio Debt Token
Archblock on behalf of TruFi implemented a Portfolio Debt Token – a Solidity smart contract that is intended to be used for distributing assets, recovered from defaulted loans.
“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, and integration with external protocols. The general subjects covered are code complexity, upgradeability, and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project
About Enzyme – Sulu Extensions IX
Enzyme implemented changes to the existing UniswapV2 (support for tokens with fees on transfer) and Balancer (batchSwap()) adapters. New external positions for Solv bonds have been added, similar to the existing external position for Solv convertibles but without support for the secondary market. A new gated shares wrapper with a redemption queue has been added.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
The subjects covered by our review are detailed in the Review Overview section. Two pull requests, PR 2974 and PR 3182, implement a large scale refactoring, while the other PRs implement local fixes. Due to time limitations, pull request 3182 was not covered and requires further attention.
We find that the new type system implementation benefits the code in terms of readability. Some aspects of type checking are improvable, as can be seen for example in Function type_from_annotation performs no validation, HashMap are declarable outside of the storage scope or InterfaceT type comparison is incorrect for return types. Further investigation is required to cover all the changes to the type system and is likely to uncover more issues.
Focusing our attention on the other pull requests in scope, we can assert that most of the pull requests reviewed correctly implement the targeted fixes. However, some pull requests only partially implement fixes, such as Note on PR 3167: fix: codegen for function calls as argument in builtin functions, or introduce changes in semantics that need further consideration, as pointed out in Note on Pull Request 3104: refactor: optimize calldatasize check . A single pull request incorrectly implements fixes, and breaks existing compiler features (Note on PR 3211: fix: restrict STATICCALL to view).
The development of the compiler is showing substantial progress. The high number of issues uncovered make further reviews necessary, and particular attention should be given to syntactic manipulations for the validation of semantics, which are error prone as shown in Function _check_iterator_modification has false positive and false negatives , AnnAssign allows tuples assignment, Assign forbids them and HashMap variable can be left-hand of assignment if wrapped in Tuple.
LIMITED REVIEW – Vyper Compiler Front
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Summary
The most critical subjects covered in our audit are the security of the funds stored in the system, the distribution of the buffered ETH and the rewards to the various modules, the management of the modules, the node operators and the public keys of the validators, the correctness of the allocation algorithm, and the low-level handling of the storage and access control. The most important issue we uncovered relates to incorrectly trimming the array containing the address of the reward recipients. Moreover, we uncovered an important correctness issue in the MemUtils.memcpy function which, however, has no impact in the current implementation. All the aforementioned issues have been addressed.
The general subjects covered are upgradeability, the efficiency of the implementation, the documentation and unit testing. We find the security in all aforementioned areas high. The documentation is comprehensive, and the unit testing is extensive.
In summary, we find that the codebase provides a high level of security. Unfixed issues reported by ChainSecurity in previous reports are omitted in this one.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Lido Staking Router
Lido implements a modularization of the current Lido system. This allows Lido to introduce various different staking modules with the Node Operators Registry being just one of these modules. The Staking Router contract is responsible for appropriately distributing the 32 ETH batches and the accumulated rewards among the different modules. To that end, Lido implemented an allocation algorithm.
We are completely satisfied with this engagement. ChainSecurity team was very flexible about slot booking and provided deep code analysis with non-trivial findings.I’ve asked around about this whole experience and everyone considers your work over the top, thank you so much! ❤️
Lido on Ethereum contributors
Summary
The most critical subjects covered in our audit are functional correctness and memory consistency.
Security regarding all the aforementioned subjects is high.
The general subjects covered are a check of the specification and error handling. The specification is improvable, e.g. examples of encoded data can be added. Error handling is improved, after the fix of Assumptions on output from unsuccessful call.
In summary, we find that the codebase provides a good level of security. The remaining unfixed Complexity of Commands Effect Evaluation issue is fundamentally linked to the same risks as any other Ethereum transaction – however, the novelty of Enso-Weiroll requires additional tooling and user education to minimize this risk.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enso Weiroll Smart Contracts
Enso implements Enso-Weiroll – a virtual machine that is capable of grouping a chain of smart contract function calls into a single transaction. This chain of operations, or scripts, can perform arbitrary calls with user-defined data and allow the output of one command to be used as the input for the subsequent commands.
“A unified DeFi API that enables you to interact with all DeFi primitives conveniently.”
.svg)
Summary
The most critical subjects covered in our review are Adjusted Bias Measured Possibly Too Late and Queued Upgrade Still Taken in Account After Closing Bribe. Both issues open the possibility to drain funds. All critical and high issues raised have been corrected accordingly. Still, many issues were acknowledged or the risk is accepted.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About StakeDAO – Bribe Platform
StakeDao Bribe platform implements smart contracts allowing users to incentivize (or bribe) Curve token holders to vote for a specific Curve gauge.
“Stake DAO is a non-custodial platform that enables anyone to easily grow their crypto portfolio. It is built on top of decentralized blockchain protocols, offering a seamless way for people to grow, track, and control assets right from their wallet. As a project, we aim to allow anyone with any level of knowledge of crypto to have easy access to the market’s most competitive products and strategies.”
Summary
Compound III is a gas-efficient lending platform that allows more efficient liquidity use due to a more streamlined application of borrowing stable coins against various collaterals.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Compound III
“Compound is a protocol on the Ethereum blockchain that establishes money markets, which are pools of assets with algorithmically derived interest rates, based on the supply and demand for the asset. Suppliers (and borrowers) of an asset interact directly with the protocol, earning (and paying) a floating interest rate, without having to negotiate terms such as maturity, interest rate, or collateral with a peer or counterparty
Each money market is unique to an Ethereum asset (such as Ether, an ERC-20 stablecoin such as Dai, or an ERC-20 utility token such as Augur), and contains a transparent and publicly-inspectable ledger, with a record of all transactions and historical interest rates.”
#Source: Compound Whitepaper (2019)
ChainSecurity has been an outstanding security partner who has earned our admiration and respect based purely on their technical competence and skill. They always go above and beyond to ensure their auditing is of the highest quality, and they are consistently excellent over the many projects we have done together.
Jared Flatow, VP of engineering
Summary
The most critical subjects covered in our audit are functional correctness, system design and safety of user funds. We uncovered two medium severity issues regarding functional correctness, which have been addressed. There was one high severity issue regarding system design, which also has been remedied.
The general subjects covered are gas efficiency, code complexity, trustworthiness and access control. Some improvements can be made to the gas efficiency of the contracts. Security regarding the remaining subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Oasis PositionManager
PositionManager implements a way for users to easily create proxy contracts to manage various DeFi positions without built-in asset separation. The proxies should be capable of replacing instances of MakerDAO’s DSProxy.
Chain Security's team showed a high level of professionalism in the essential/engineering area and communication. They were helpful and open for dialogue while providing expertise and recommendations. Oasis.app must be a product our users can trust. We look forward to continuing our work with Chain Security to assure this trust.
Lukasz Baksik, Head of Operations at Oazo Apps Ltd. (oasis.app)
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. Please note that the PAXG token is upgradable. Furthermore the current implementation of the PAXG token features functionality that allows the admin to seize/freeze assets of any address.
The general subjects covered are gas efficiency and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – GemJoin9 for PAXG Smart Contract
MakerDAO implements a novel join adapter (GemJoin9) to be used with the PAXG token, an ERC20 token with fees on transfers.
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, and front-running. Security regarding functional correctness and access control is high. The two uncovered medium severity issues, that make the system vulnerable to front-running and sandwich attacks can potentially endanger users and 3rd party integrations, but do not pose an immediate risk for the ZkBob system itself.
The general subjects covered are trustworthiness, documentation, specification and code complexity. The security regarding these subjects is good. The acknowledged and not fixed issues are of low severity and don’t render the system unsafe.
In summary, we find that the codebase provides a good level of security. The remaining acknowledged but not fixed issues do not immediately impair the system, however, we still suggest addressing them in the future.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About zkBob smart contracts
BOB Protocol implements an application that uses zero-knowledge proofs (zk-SNARKs) for anonymous transfers of the BOB ERC20 stablecoin token.
Summary
Q Blockchain implements EVM chain with a delegated proof of stake (DPoS) consensus mechanism, on-chain governance framework, built-in stablecoin system, and numerous other features. This assessment focused on changes that were performed on top of previously reviewed version. Notable changes are a switch of solidity compiler version, new price feed oracles and crypto wallet key protection mechanism for the on-chain stakers.
The most critical subjects covered in our audit are functional correctness, upgradeability and usability. Security regarding all the aforementioned subjects is good. The general subjects covered are code complexity and event handling. Security regarding those subjects is good.
In summary, we find that the codebase provides a satisfactory level of security. The remaining acknowledged but not fixed issues do not immediately impair the system, however, we still suggest addressing them in the future. Over time their significance might change and cause more serious consequences.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Q Blockchain – System contracts v1.2
“Q combines the benefits of a public, open and decentralized ledger with the transparency of enforceable private contracts. Whether you want to interact with other businesses, build decentralized applications or simply send and receive tokens: Q is for you.”
The Q development team highly appreciates the audit performed by ChainSecurity. The matter of the audit consisted of a large number of highly interrelated smart contracts that compose a complex onchain protocol. The auditors' quick uptake and deep understanding of the overall system was very impressive. At the same time, their skill on the lowest coding level was equally impressive. The combination of these two qualities, among others, led to the discovery of some hard-to-spot yet easy-to-fix issues. With this code audit, the Q blockchain has reached a new level in terms of maturity and maintainability. For our ongoing development, we are already planning follow up audit sessions with ChainSecurity.
Tobias Latzke, Q Core Team
Summary
Giry implements a vesting plan for the participants of DAOs. The project is a fork of another well-audited project with a small number of additional features.
The most critical subjects covered in our audit are functional correctness and access control. We find that the project implementation is of a high quality and no severe issues were uncovered.
The general subjects covered are code complexity, use of uncommon language features, unit testing, documentation, specification, and gas efficiency. Security regarding all the aforementioned subjects is high with the exception of unit tests and the documentation which have not been updated to reflect the current state of the project. More specifically, the unit tests do not check for the correctness of the newly introduced features.
In summary, we find that the codebase provides a high level of security, but we strongly suggest to implement the missing unit tests.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove dss vest smart contracts
Mangrove implements an offer book based exchange. Individual offer books exist for each market consisting of a base and a quote asset. Technically an offer book is a sorted doubly linked list of offers. Each offer promises an amount of the so-called base asset and requests a certain amount of the quote asset. Makers create these offers. Takers take these offers by executing a so-called order. During the execution of an order, the amount of the base quote is transferred to the maker first before the maker address is called to execute arbitrary code. During this call, the maker must do all actions necessary and make the amount of the base asset available for the exchange to collect.
Offers are just promises and the execution of an order may fail. When an offer fails e.g., because it failed to make available the amount of tokens to the exchange, the execution of the order is stopped. A penalty mechanism exists to incentivize makers to have working offers. Upon offer creation, the maker has to provide a so-called provision in Ether to cover for the gas costs should the transaction revert. If the offer
succeeds, the provision is returned to the maker. When an offer fails, a part of the provision is given to the taker to compensate for his lost gas costs.
A callback to the maker at the end of an exchange allows the maker to update his offer.
The system is administrated by the governance which can add/remove or pause token pairs or change the parameters of the system.
ChainSecurity has proved its ability to independently understand, thoroughly analyze, and help secure novel and complex smart contracts in a surprisingly short amount of time. We could not ask for a better auditing partner.
Adrien Husson, smart contract lead @ Mangrove
Summary
Mangrove implements a peripheral contract for the Mangrove core system which allows users to submit Good-till-cancelled orders and Fill-or-kill orders.
The most critical subjects covered in our audit are functional correctness, absence of reentrancy possibilities, access control, handling of funds, and accounting. We have uncovered some important bugs. Regarding functional correctness, we uncovered a bug where the gas price for an updated order is calculated and submitted incorrectly. Regarding accounting, we have uncovered a vulnerability affecting the order updates which can allow an attacker to steal funds from Mangrove core system. However, the impact of the vulnerability is not big since it is not expected that an attacker can steal a significant amount. Moreover, as far as internal accounting is concerned, if an updated order requires less provision than before, the provision is not refunded to the end users. All the aforementioned issues were addressed in the second iteration.
The general subjects covered are code complexity, use of uncommon language features, unit testing, documentation, specification, gas efficiency, trustworthiness and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove Order
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
ChainSecurity has proved its ability to independently understand, thoroughly analyze, and help secure novel and complex smart contracts in a surprisingly short amount of time. We could not ask for a better auditing partner.
Adrien Husson, smart contract lead @ Mangrove
.svg)
Summary
The most critical subjects covered in our audit are functional correctness, integrability and consistency of the accounting. General subjects covered include the documentation which is non-existing. Security regarding all the aforementioned subjects is satisfactory.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About 1inch – Delegation
ChainSecurity reviewed two implementations of delegation pods for ERC20Pods.
“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”
Summary
The most critical subjects covered in our audit are functional correctness, integration with OpenZeppelin’s ECR20 token implementation, and access control. Security regarding all the aforementioned subjects is good.
The general subjects covered are code complexity, documentation and event handling. Security regarding all the aforementioned subjects is improvable. Code complexity is improvable due to the custom AddressArray implementation. Documentation is non-existing.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About 1inch – ERC20 Pods
1inch implements an extension for OpenZeppelin’s ERC20 implementation, that allows users to register so-called Pods, that are called on a balance update.
“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”
Summary
The most critical subjects covered in our audit are functional correctness, security of the assets and the accounting of the balances.
The general subjects covered are design, efficiency and documentation. While the Settlement system may protect from MEV done by the block producers, orders may be observed/rearranged on another level. The staking is only used as a barrier of entry and does not ensure that a resolver follows the protocol rules as stated in the documentation.
Detailed documentation / specification and documentation explaining the interactions between the components, especially with the limit order protocol was largely missing during the review. This review was done based on our understanding of the system as in the System Overview of this report for which we did not receive a confirmation of 1inch.
In summary, we find that the codebase in its current state provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About 1inch – Limit Order Settlement
In Limit Order Settlement resolvers settle orders of users. Major advantages this system offers include MEV protection and gasless swaps for the creator of the order. Resolvers should be whitelisted, in order to join this whitelist sufficient stake of 1inch tokens must be allocated to the resolver. The staking and delegation make use of the new proposed ERC20Pods extension.
“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”
Summary
The Fx-Portal allows to seamlessly bridge data between Ethereum and Polygon. Projects can simply build on the provided base contracts and use the provided functions to send/receive messages. Several example implementations are part of the repository, demonstrating the use for a simple state transfer or for bridging tokens.
The most critical aspects covered in our audit are security and functional correctness. For the core part, the mechanism and base contracts of the Fx-Portal, security regarding all the aforementioned aspects is high. The examples, while they showcase the use of the Fx-Portal contracts, lack documentation. Considering that projects may build on top of such example contracts, their functionality / limitations should be properly documented.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Polygon Fx Portal
“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”
ChainSecurity holds a special place in my heart, only positive experiences with them and they always go above and beyond. During one of our audits, they actually found a bug in an OpenZeppelin contract we were using, 99% of auditors wouldn't bother looking there.
Gretzke.eth, Software Engineering Lead @ Polygon
Summary
The most critical subjects covered in our audit are functional correctness and safety of the interactions with the underlying pool. Additionally, we focused on front-running possibilities and gas efficiency. We did not find any critical problems in the aforementioned categories. All raised issues have been fixed accordingly.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Gearbox Auction
GEARBOX implements a liquidity bootstrapping contract for a GEAR / ETH Curve crypto pool. The funding is raised in consecutive stages, after which the contract acts as a doorway to the Curve pool for a limited time in which GEAR sellers are paying a premium.
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
Summary
The most critical subjects covered in our audit are functional correctness, access control, and integration with external protocols. Security regarding all the aforementioned subjects is high. The general subjects covered are code complexity, upgradeability, and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions VIII Smart Contracts
Avantgarde Finance implements new adapters for Aave V3 and Compound V3 and refactors the codebase of the Aave V2 adapter so that code can be reused for the Aave V3 adapter. Additionally, Avantgarde Finance introduces so-called list owner contracts, used for validation in the aforementioned adapters, that can add validated items to a list. Further, Avantgarde Finance implements an upgrade for the Maple external position to allow migration to V2.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
KyberSwap Elastic Legacy was the automated market maker (AMM) implementation by the Kyber Network protocol which was used until an upgrade in May 2023.
Please refer to KyberSwap Elastic for the current version of the system.
About KyberSwap Elastic Legacy
“Kyber Network is an on-chain liquidity protocol that aggregates liquidity from diverse sources for the best prices, enabling decentralized token swaps to be integrated into any application. Using this protocol, developers can build innovative payment flows and applications, including instant token swap services, decentralized payments, and financial DApps — helping to build a world where any token is usable anywhere.
Kyber is the most used and integrated protocol in decentralized finance (DeFi), with over US$1 billion worth of transactions facilitated since its inception. Kyber supports over 80 different tokens, and powers over 100 integrated projects including popular wallets Trust, Enjin, Argent, Eidoo, and the HTC Exodus smartphone, as well as DeFi platforms Nuo, DeFiSaver, InstaDApp, Set Protocol, Melon, and many others.”
(Source: Kyber Network media kit, April 2021)
With their thorough and high quality audits, ChainSecurity has been one of Kyber Network’s primary auditors for years now. We look forward to continuing our partnership with them for many more years to come as we keep growing the frontiers of blockchain.
Loi Luu, CEO of Kyber Network
Summary
ClayStack implements a staking pool implementation that simplifies the staking MATIC tokens on numerous Polygon validators. A user that joins the pool, locks MATIC tokens and gets csMATIC tokens that accumulate the rewards over time. The csMATIC tokens can be then burned, to get the locked MATIC tokens back.
The most critical subjects covered in our audit are the security of the pool and token contracts, the functional correctness and the safety of the deposited funds. Security regarding all the aforementioned subjects is high.
In the final iteration after the intermediate reports no issues remain open. Overall we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About ClayStack Matic Smart Contracts
“ClayStack is a decentralized liquid staking platform that enables you to unlock the liquidity of staked assets across multiple chains. You can stake your assets and use the issued staking derivatives across the DeFi ecosystem.”
Summary
[UPDATE March 21st 2022: we upload the original unredacted report, which contained a live critical vulnerability. The vulnerability was redacted until it could be patched. Find more details in our blog article.]—
Compound offers money markets for supplying and borrowing different assets on the Ethereum blockchain.
Users can supply assets to the market, earning interest on their deposits. They can also use their deposited assets as collateral in order to borrow assets from other markets. The borrowed assets accrue interest over time, which is shared between the suppliers and the protocol. If a borrower’s account balance falls below a certain threshold, due to the value of their collateral falling or the value of the borrowed assets increasing, their position can be liquidated. The liquidator pays back the borrowed assets and in return they earn a portion of the borrower’s collateral.
Users interact with the cToken contracts. These are ERC-20 tokens that represent the assets a user has supplied to the market. As the market accrues interest, the value of the cToken compared to the underlying asset increases. The cToken itself receives a portion of the interest as reserves.
About Compound – cToken
“Compound is a protocol on the Ethereum blockchain that establishes money markets, which are pools of assets with algorithmically derived interest rates, based on the supply and demand for the asset. Suppliers (and borrowers) of an asset interact directly with the protocol, earning (and paying) a floating interest rate, without having to negotiate terms such as maturity, interest rate, or collateral with a peer or counterparty
Each money market is unique to an Ethereum asset (such as Ether, an ERC-20 stablecoin such as Dai, or an ERC-20 utility token such as Augur), and contains a transparent and publicly-inspectable ledger, with a record of all transactions and historical interest rates.”
#Source: Compound Whitepaper (2019)
ChainSecurity has been an outstanding security partner who has earned our admiration and respect based purely on their technical competence and skill. They always go above and beyond to ensure their auditing is of the highest quality, and they are consistently excellent over the many projects we have done together.
Jared Flatow, VP of engineering
.png)
Summary
Uniswap implements Permit2 and Permit2Lib which are smart contracts that enable permit-style approvals and transfers using signatures for ERC20 tokens that do not support such functionality.
The most critical subjects covered in our audit are functional correctness, signature handling andfront-running. Security regarding front-running is improvable due to a possible attack vector on permitapprovals, see Race Condition on Approvals. Security regarding functional correctness and signaturehandling is high.The general subjects covered are specification correctness and uncommon language features. Securityregarding all the aforementioned subjects is high.
In summary, we find that the level of security of the codebase is high. Discovered issues do not render the contracts immediately unsafe, but enable potential human errors.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Uniswap – Permit2
What is Uniswap Protocol?
“The Uniswap Protocol is an open-source protocol for providing liquidity and trading ERC20 tokens on Ethereum. It eliminates trusted intermediaries and unnecessary forms of rent extraction, allowing for safe, accessible, and efficient exchange activity. The protocol is non-upgradable and designed to be censorship resistant.”
Summary
GUniLPOracle is a specialized oracle in the Maker ecosystem that provides prices for the LP (liquidity provider) shares of GUNI pools. It determines the price of a GUni token based on the underlying tokens held in the UniswapV3 position at the current market rate of these tokens as returned by Maker oracle. GUNI works on top of Uniswap and serves as a generic wrapper of Uniswap V3 positions into ERC20 tokens with the goal to provide more flexibility to end-users that deposit or withdraw liquidity into Uniswap V3 pools.
On a high level, Uniswap V3 aims to utilize more efficiently the pool liquidity by allowing the LPs to choose the price range (lowerTick and upperTick) where their liquidity is made available. The rewards for an LP depend mostly on the trade volume on the price range that the liquidity has been allocated. This makes Uniswap V3 positions non-fungible. On the other side, GUNI is a module managed by Gelato Networks that tries to abstract the internals of the Uniswap V3 to end-users (LPs) and maximize their profits by allocating the liquidity continuously into optimal price ranges and investing the earned fees. In this setup, the LPs provide the liquidity into the GUNI pools, which deposit the liquidity into the Uniswap V3 and then mints the respective wrapped ERC20 tokens for the LP. Note that, the minted tokens (shares) by GUNI represent a position in the Uniswap V3 pool, however, such tokens are typical ERC20 tokens, hence fungible (while Uniswap V3 positions are non-fungible).
The goal of GUniLPOracle is to price the LP shares of GUNI pools according to the value of the position they represent in the Uniswap V3 pool. To achieve this goal the GUniLPOracle interacts with other oracles in the Maker ecosystem that provide price information for the related tokens and the respective GUNI pool. For this to work, the GUNI should provide a function getUnderlyingBalancesAtPrice(uint160 sqrtPriceX96), which forwards the call to the function LiquidityAmounts.getAmountsForLiquidity(). The core logic of the price calculation in GUniLPOracle is implemented in the function seek(). Similarly to other oracles of Maker, GUniLPOracle operates with two Feed variables cur and nxt which store the current price and the queued price respectively. The prices propagate through the system with 1 hour delay, therefore allowing wards to take measures in case the queued price nxt is set to an incorrect value.
About
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are functional correctness, integration with external systems, and access control. Security regarding functional correctness is improvable due to potentially unexpected behaviour, see Unexpected staking of tokens. Security regarding integration with external systems is improvable due to slashing being unhandled for Kiln, see Unhandled stake slashing on Kiln.
The general subjects covered are gas efficiency, documentation, code complexity and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions VII Smart Contracts
Avantgarde Finance implements integrations for staking Balancer LP tokens natively or on Aura and provides price feeds for the staked tokens and Balancer v2 stable pool LP tokens. Further, batching ParaSwap orders with optional individual failures, staking ETH on Kiln, and periphery shares wrapper contracts for arbitrary deposit tokens were introduced.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
Gearbox implements a general-purpose leverage protocol for ERC-20 tokens. The system is modular and consists of different parts. This report covers the new Gearbox V2 system. V2 consists of the samemodules as V1.
All modules work together within a release, some of the modules can be used acrossreleases. The following release-overarching combinations have been considered in this audit:V2 credit system connecting to a V1 Pool Service and the V1 AccountFactory / Credit Accounts.Other combinations have not been reviewed. Notably PriceOracle of V1 cannot be used in V2. Adapterscount as part of the credit system and must not be used across versions.
About Gearbox V2
“Gearbox is a generalized leverage protocol: it allows you to take leverage in one place and then use it across various DeFi protocols and platforms in a composable way. The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.
The core vision is to become a backend composable leverage protocol that all kinds of users have but don’t even need to interact directly with any interface. You can envision building your own DeFi protocol and just making a “take leverage with Gearbox” as a button. And bam – your users are now more capital efficient. Or integrate Gearbox into a platform like Zerion or Zapper.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
Summary
Q Blockchain is an Ethereum based chain with a delegated proof of stake (DPoS) consensus mechanism, on-chain governance framework, built-in stablecoin system, and numerous other features. Majority of those system elements are implemented as on-chain smart contracts, that interact with each other. The native token of Q Blockchain is called Q token.
About Q Blockchain
“Q combines the benefits of a public, open and decentralized ledger with the transparency of enforceable private contracts. Whether you want to interact with other businesses, build decentralized applications or simply send and receive tokens: Q is for you.”
The Q development team highly appreciates the audit performed by ChainSecurity. The matter of the audit consisted of a large number of highly interrelated smart contracts that compose a complex onchain protocol. The auditors' quick uptake and deep understanding of the overall system was very impressive. At the same time, their skill on the lowest coding level was equally impressive. The combination of these two qualities, among others, led to the discovery of some hard-to-spot yet easy-to-fix issues. With this code audit, the Q blockchain has reached a new level in terms of maturity and maintainability. For our ongoing development, we are already planning follow up audit sessions with ChainSecurity.
Tobias Latzke, Q Core Team
.svg)
Summary
The most critical subjects covered in our audit are functional correctness, access control, and signature handling.
The contracts show a high level of functional correctness and handle signatures correctly. The general subjects covered are code complexity and gas efficiency. The code maintains an adequate level of complexity. Gas efficiency is good but could be improved in some cases.
In summary, we find that the current codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Polymarket Exchange Smart Contracts
Polymarket implements a prediction market for real-life events. This audit covers the governance and exchange part of the protocol.
“Polymarket is an information markets platform that lets you trade on the world’s most highly-debated topics (e.g. coronavirus, politics, current events, etc). On Polymarket, you build a portfolio based on your forecasts and earn a return if you are right. When you decide to buy shares in a market, you are weighing in with your own knowledge, research, and view of the future. Market prices reflect what traders think are the odds of future events, turning trading activity into actionable insights that help people make better decisions. As a result, Polymarket is a leading source of unbiased and real-time data about future events.”
Source: https://docs.polymarket.com/faq/general#what-is-polymarket
Hats off to the ChainSecurity team for their stellar work on our security audit. The process was smooth from start to finish thanks to their clear communication style, and our codebase benefited immensely from their thorough analysis. We look forward to working with them in the future!
Mike Shrieve - Protocol Lead
Summary
We did not uncover critical issues. The most severe subjects covered in our audit are the following two medium rated issues: Admin Set Too Early in LiquidityGaugeV4Strat and Zero Address Reward Distributor. As the system is already deployed and the issues are not critical, StakeDAO decided to not change the code.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About StakeDAO – LiquidLockers
StakeDAO implements so called liquid lockers. They allow users to earn yield on their locked tokens, make them transfer and still preserve voting power for the users.
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
MYSO Finance implements a borrowing system which does not expose borrowers to liquidation risks. Each loan has the same duration and does not rely on any price oracle or curve-based pricing.The most critical subjects covered in our audit are asset solvency, functional correctness, access control, and precision of arithmetic operations. Security regarding all the aforementioned subjects is high. In the first iteration of the engagement, we uncovered a few medium-severity issues related to the functional correctness that were addressed in the updated codebase.
The general subjects covered are upgradeability, documentation, trustworthiness, gas efficiency and code complexity. The contracts in scope of this review are not upgradable and do not have any privileged account, hence the security regarding upgradeability and trustworthiness is high. The project has extensive documentation and inline code specification. We reported possibilities to improve the gas efficiency which were acknowledged by MYSO Finance but not adopted due to code size restrictions. Regarding code complexity, we highlighted a functionality that implements a complex logic to optimize storage costs and could be simplified.
About Myso Finance – Core V1
MYSO v1 is a DeFi protocol that allows users to borrow without liquidation risk. For borrowers, this makes it easier to understand and manage crypto loans, while for lenders this provides new and sustainable yield enhancement opportunities.
The way this is achieved is through “zero-liquidation loans”, a novel risk transfer mechanism in which borrowers are relieved from liquidation risk while lenders get exposure to a physically settled covered call strategy.
The protocol operates without relying on any trusted third parties or oracles. Moreover, lending pools are isolated from one another such that potentially bad collateral assets in one pool cannot compromise the integrity of the others.
MYSO v1 can help mitigate some of the systemic risks associated with liquidation-centered credit markets, such as cascading liquidations, externalities from liquidation related MEV and oracle manipulation.
ChainSecurity has been an invaluable partner for us, and we highly recommend them to anyone looking for a high-quality audit. Their in-depth experience from having audited many of the leading DeFi projects made them the ideal sparring partner for us and provided rigorous preventative quality-assurance for our codebase. We were deeply impressed by their level of expertise, professionalism and attention to detail. We'd like to thank ChainSecurity again for their support and look forward to working with them again in the future.
Aetienne Sardon, Founder Myso Finance
Summary
ChainSecurity performed a smart contract audit of Curve Finance’s Tricrypto system, which extends their exchanges to swap 3 coins instantly, where the coins no longer need to be equivalent in value. The system consists of three relevant smart contracts written in the Vyper programming language.
Generally, Curve is a variant of a decentralized exchange (DEX) that relies on automated market making (AMM). Curve and similar AMM projects build upon the concept of liquidity pools and an invariant to determine the ratio/price to swap one coin vs another. A liquidity pool consists of multiple tokens. The tokens are added to the pool by so called liquidity providers. In return, liquidity providers receive a token that represents a share of the funds they own of the pool. Providing liquidity is incentivized by trading fees that the liquidity provider will receive when users trade (the fees are paid out indirectly by increasing the pool’s value). By having a certain amount of tokens, trades can be executed immediately in one transaction. The execution can be done immediately because no counter-party is needed.
Curve modified their function compared to e.g. Uniswap in a way that the price is more robust by introducing a modified invariant. This is achieved by flattening the curve around the equilibrium and shifting the curve given certain conditions are met. This new version aims to protect liquidity providers better, increase their profit and increase liquidity. The main invention of the new invariant is that the prices are included into the invariant. Additionally, conditional price updates are performed to shift the curve if desired.
About Curve Finance – Tricrypto
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
We appreciate ChainSecurity for their very deep and thoughtful analysis!
Michael Egorov, CEO @ Curve Finance
Summary
The modular proxy actions allow execution of operations, a set of actions. An action contract performs a single function. This flexibility makes it trivial to compose new operations from actions, especially as actions may be added or upgraded.
The most critical subjects covered in our audit are functional correctness, security and whether the implementation is suitable for the intended purpose. While the modular implementation is suitable to reach the documented requirements it results in increased transaction costs which may hinder adoption. The modularity is significantly more complicated than a monolithic architecture. Extensive forked mainnet tests are recommended.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Oasis.App – Modular Proxy Actions
“Oasis.app mission is to provide the best and most trusted entry point to deploy your capital and benefit from all of the potential in DeFi. You can just connect your wallet, and borrow Dai by opening a Vault using your preferred crypto as collateral (such as ETH, wBTC, USDC, LINK and many more).
(…)
DeFi platforms like Oasis.app are reimagining the way access to financial products work – helping investors to unlock the potential of cryptocurrency, without having to deal with high costs and third parties.
Besides the home made features, Oasis.app is integrating several solutions, like 1inch for liquidity and Uniswap Swap Widget, to improve more and more and make the UX as complete as possible.”
Chain Security's team showed a high level of professionalism in the essential/engineering area and communication. They were helpful and open for dialogue while providing expertise and recommendations. Oasis.app must be a product our users can trust. We look forward to continuing our work with Chain Security to assure this trust.
Lukasz Baksik, Head of Operations at Oazo Apps Ltd. (oasis.app)
Summary
For this assessment Yearn redesigned the Yearn Vault system for voting escrow locked CRV tokens. This new yCRV Vault allows unidirectional conversion of CRV and old yveCRV tokens into new yCRV Vault tokens. Another contract is ZapYCRV – a helper converter that allows conversions between different CRV and yCRV related tokens. Using it, users can convert allowed tokens into lp-yCRV and st-yCRV – Curve StableSwap CRV/yCRV LP token and staked autocompounded yCRV token versions.
The most critical subjects covered in our audit are solvency, functional correctness and compatibility with external systems. Security regarding system solvency is high after the fix of a critical bug that caused users not to receive their tokens, see LPYCRV Outputs Not Transferred to User. Functional correctness is high. Compatibility with external systems is satisfactory, due to a justified potential delay of CRV tokens being locked, see CRV Not Locked When Used to Mint YCRV.
The general subjects covered are specification and error handling. Documentation and Specification are outdated and require significant extension, since system intentions and features are not fully describe. Error handling is extensive.
In summary, we find that the codebase provides a satisfactory level of security. Discovered findings have been fixed or their risks were accepted by the Yearn. We advice revisiting and addressing the issues for wich the risks were accepted. In addition, prior the deployment, we suggest using extensive testing techniques like property based testing and forked mainnet testing to avoid potential problems with the upgrade of the yveCRV system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn Finance yCRV and ZapYCRV
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
.png)
Summary
Morpho implements a peer-to-peer lending protocol that leverages the liquidity of existing lending protocols like Aave or Compound to allow instant withdrawals. Peer-to-peer matched users benefit from better rates than users of the underlying lending protocols.
The most critical subjects covered in our audit are access control, functional correctness and precision of arithmetic operations. Access control is extensive. Functional correctness of the main contracts is high. Functional correctness of the HeapOrdering data structure is not sufficient as the Heap data structure can be spammed. This issue can also lead to accidental violation of the Heap ordering, causing users additional gas fees. Precision of arithmetic operations is high.
The general subjects covered are documentation and gas efficiency. Documentation is extensive. Gas efficiency is improvable as shown in Gas inefficiencies.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project
About Morpho (Aave V3)
“Morpho is a lending pool optimizer. It is a peer-to-peer layer on top of lending pools like Compound or Aave. Rates are seamlessly improved for suppliers and borrowers while preserving the same liquidity and liquidation parameters.”
Source: Morpho team
ChainSecurity did a rigorous and thorough report of Morpho’s contracts in spite of its inherent complexity and uniqueness. We enjoyed such professionalism and attention to details. We are confident this audit will harness Morpho’s security level.
Merlin Egalité, Co-founder Morpho Labs
Summary
Lido implements a staking protocol that allows users to stake their ETH while maintaining liquidity. In addition, it allows users to receive rewards for their staked ETH without running validator nodes. The inverse is true for node operators – they can run validator nodes and receive rewards without having to supply ETH themselves.
The most critical subjects covered in our audit are functional correctness, the trust model, and security of user funds. Security regarding all the aforementioned subjects is high. The general subjects covered are gas efficiency and access control. Some improvements to gas efficiency can be made.
The documentation provided was detailed and helpful in understanding the complexity of the system.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Lido
“Lido is a liquid staking solution for ETH backed by industry-leading staking providers. Lido lets users stake their ETH – without locking assets or maintaining infrastructure – whilst participating in on-chain activities, e.g. lending.
Lido attempts to solve the problems associated with initial ETH staking – illiquidity, immovability and accessibility – making staked ETH liquid and allowing for participation with any amount of ETH to improve security of the Ethereum network.”
We are completely satisfied with this engagement. ChainSecurity team was very flexible about slot booking and provided deep code analysis with non-trivial findings.
I’ve asked around about this whole experience and everyone considers your work over the top, thank you so much! ❤️
Lido on Ethereum Contributors
.svg)
Summary
Mellow Finance offers an investment protocol that pools investors funds and manages these funds according to an investment strategy smart contract.
The overall system has certain parameters managed by The ProtocolGovernance smart contract. Different vaults are responsible to keep the funds and/or invest them in other DeFi protocols like AAVE, YEARN or Uniswap. A root vault is the overarching connector for all vaults. The root vault is the entry point for a user to invest funds. Strategy contracts balance the ratios of tokens held in the vaults and between the vaults.
A user who wants to invest funds will send the funds to the root vault. The root vault will in return issue a corresponding amount of liquidity provider tokens to track the user’s investment to the user. The funds will end up in a special vault which acts as a cash position. As soon as a strategy manager invokes the vault rebalancing in the connected strategy, the strategy will distribute the funds from the cash vault to the investment/integration vaults. These vaults will use the funds to invest into the third party DeFi protocols like Aave. When a user decides to redeem/withdraw their liquidity provider tokens for the corresponding share of tokens, the root vault will drain the cash vault and if needed take more money from the investment/integration vaults.
About Mellow Protocol
“Mellow Protocol is permissionless vaults ecosystem for capital efficiency. The Protocol provides the layer for creating liquidity rebalancing strategies and helps to focus on models instead of infrastructure.
Mellow permissionless vaults are a set of smart contracts that allow anyone to create a multi-ERC20 token Vault and a Strategy on top of different DeFi protocols (like Uniswap, Yearn, etc.) and blockchains (like Ethereum, Optimism, etc.)
Vaults are smart contracts that put liquidity into different underlying protocols. The underlying protocol could be some well-known DeFi protocol like Uniswap, Sushiswap, Yearn, Compound, etc., or another Vault.
The tokens managed by Vault are fixed and immutable, i.e. Vault cannot start managing additional tokens or stop managing existing tokens. Each Vault can only put liquidity into one fixed underlying protocol.
When the Liquidity provider deposits liquidity into the Vault, he receives LP tokens back (or NFT token – that depends on a particular Vault). On withdrawal, the Liquidity provider burns the LP tokens and receives his liquidity and earned profits back.
The Strategy can only redistribute ERC-20 tokens between protocols. The tokens can leave the Vault only when the Liquidity provider withdraws it.”
Source: Mellow Protocol team
Mellow Protocol has really complex contracts and codebase. Our team was very happy to work with Chainsecurity. We were impressed by the professionalism and depth of the smart contracts study by Chainsecurity. The team's versatile approach helped us improve our codebase's security and effectiveness and added confidence before our protocol launch.
A huge thanks to the whole team and especially to Nico, Enis and Emilie for their patience and hard work!
Nick S, contributor @ Mellow Protocol
Summary
The most critical subjects covered in our audit are functional correctness, access control and compatibility with the Enzyme system.
Security regarding all subjects is high.
The general subjects covered are error trustworthiness, documentation, and interaction with external systems according to their documentation. Compatibility with external systems is extensive. However, note that for compatibility with Solv requires an upgrade by Solv, see Solv’s BUYER_PAY fee pay type is unsupported is valid. Documentation is good. Trustworthiness is high given the trust model. However, please consider the note Arbitrary Loan Powers. In summary, we find that the codebase provides an improvable level of security. Note that most items covered are of high security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions V Smart Contracts
Avantgarde Finance implements two new policies that allow fine-grained access control on adapters and external positions and a new list registry for unsigned integers used by the latter policy. Additionally, a derivative price feed for FIDU, an LP token with USDC as its underlying, is introduced. Further, a manual value oracle is implemented that allows its owner to set arbitrary uint256 values while keeping track of the latest update time. For its ownership transfers a new mixin is offered that implements the ownership transfer and claim mechanism. Arbitrary uncollateralized loans are offered through a new type of external position that allows to plug in accounting modules that compute the interest owed. Two such accounting modules are offered where one leverages the manual value oracle and the second one implements fixed interest. Two new external position types are also introduced to integrate with Solv Protocol’s convertible vouchers from the buyer and from the issuer side. Lastly, Avantgarde Finance updated the DepositWrapper contract.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
The most critical subjects covered in our audit are functional correctness, interaction with external systems according to their documentation, and compatibility with the Enzyme system. Security regarding all the aforementioned subjects is high. The general subjects covered are trustworthiness, documentation, and error handling. Security regarding all the aforementioned subjects is high. In summary, we find that the codebase provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions VI Smart Contracts
Avantgarde Finance implements changes for the external position for Compound to improve validation of the borrow and repay actions such that fund managers cannot mistakenly pay back zero amounts on unused cTokens which earlier removed the debt for a cToken with the same underlying. Additionally, changes were made to the fee reserve so that governance can do arbitrary calls from the fee reserve. Further, a new integration is implemented that allows minting and burning Balancer v2 LPs for arbitrary pools. For weighted Balancer v2 pools a pricefeed has been implemented. Last, a new external position type is introduced to integrate with Notional v2 so that depositing collateral, lending, borrowing, and paying back debt is possible.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
The smart contracts implement the Executor for Governance actions on Arbitrum/Optimism, hence they bear a very privileged role within the Aave contracts on the network.
The most critical subjects covered in our audit are functional correctness and security of the queue / execution mechanism. The issues reported as part of the holistic assessment of the smart contracts security might affect the secure operation, depending on the behavior of the trusted roles.
In summary and under the assumption the trusted roles act correctly as expected, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Aave bridge executors
“Aave is a decentralised non-custodial liquidity market protocol where users can participate as depositors or borrowers. Depositors provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an overcollateralised (perpetually) or undercollateralised (one-block liquidity) fashion.”
Summary
The most critical subjects covered in our audit are functional correctness, security and the users control over their own funds without having to trust third parties more than necessary. While the contracts overall implement the same functionality as their counterpart for Optimism/Arbitrum, the implementation and interfaces exposed differ.
Security regarding all the aforementioned subjects is high as the issues reported have been resolved. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – Starknet Teleport
The smart contracts implement an extension to integrate the Starknet DAI Bridge into Teleport which facilitates fast transfers of DAI between different L2/L1 called “domains”.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are functional correctness and interactions with the core contracts. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity, gas efficiency and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – DSSProxyActions
MakerDAO implements a new version of the proxy actions contract that, similar to the previous proxy
actions contract, offers functions that batch interactions with the DAI Stablecoin system.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are security and functional correctness.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – DSS Proxy
DssProxy implements a replacement for DSProxy, a proxy contract for users to use with the ProxyActions contracts of the Maker applications such as Oasis.app.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
Angle implements a new way to borrow Angle’s stable token agEUR by using over-collateralized loans with liquidation mechanism.
The most critical issue uncovered in our audit is a call to an untrusted address. The amount of issues uncovered are usual for a project of this size. The documentation of the project is good and the communication with the team was very professional. All issues were fixed accordingly or (in case of some low severity issues) acknowledged.
In summary, we find that the codebase provides a good level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Angle Protocol – Borrowing Module
Angle is a decentralized stablecoin protocol, it has launched agEUR which has become the biggest decentralized Euro stablecoin in the market.
Once again, Chainsecurity has been able to provide a lot of value in a record amount of time, by thoroughly understanding the underpinnings of an intricate set of smart contracts we built. Not only did they catch the whole organization of the whole system, but they were also able to question the logic of the maths behind the code. Their help on this makes us far more confident in the quality of the system we will deploy.
Pablo Veyrat, Core Contributor @ Angle Protocol
Summary
Claim Fee Maker implements an addition to the Maker protocol enabling fixed-rate debt over a certain period of time. This addition works with existing ilks/vaults without the need for any change to the core system.
The most critical subjects covered in our audit are the security of the new contracts, the functional correctness and the impact of these changes on the core Maker system. Claim Fee works by issuing claims for which the holder can claim compensation for the stability fee accrued. DAI for payout might be generated by minting unbacked stablecoin accounted to the VOW.
Issuance collects no payment, the privileged role issuing claims must compensate the VOW accordingly, this is not handled by the smart contracts reviewed. A claim fee is not connected to an actual debt position / urn. Plans exist to address this, please refer to note: No connection between ClaimFee and actual Debt.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They
complement but don’t replace other vital measures to secure a project.
About MakerDAO – Claim Fee
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are security, functional correctness and the impact on the existing system.
In summary, we find that the codebase provides a high level of security. There is a risk that the shutdown process is blocked in case the Governance pauses the Cure contract. For more information please refer issue description in this report.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – DSS Cure
Cure is an extension for the Dai Stablecoin System which allows contracts to report DAI amounts which must be subtracted from the total debt during the shutdown process. The necessity for this arose as a new extenstion, DSS-Wormhole generates such DAI which must not be included the settlement during shutdown.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, precision of arithmetic operations, front-running and signature handling. Security regarding most of the aforementioned subjects is high. Security of signature handling is basic due to possible ECDSA malleability, see ECDSA Signature Malleability. Security of front-running is good but keepers could lose funds to rogue makers unexpectedly due to unawareness of the exact functionality of sniping, see No Protection for Keepers.
The general subjects covered are unit testing, documentation, specification, gas efficiency and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove
Mangrove implements an offer book based exchange. Individual offer books exist for each market consisting of a base and a quote asset. Technically an offer book is a sorted doubly linked list of offers. Each offer promises an amount of the so-called base asset and requests a certain amount of the quote asset. Makers create these offers. Takers take these offers by executing a so-called order. During the execution of an order, the amount of the base quote is transferred to the maker first before the maker address is called to execute arbitrary code. During this call, the maker must do all actions necessary and make the amount of the base asset available for the exchange to collect.
Offers are just promises and the execution of an order may fail. When an offer fails e.g., because it failed to make available the amount of tokens to the exchange, the execution of the order is stopped. A penalty mechanism exists to incentivize makers to have working offers. Upon offer creation, the maker has to provide a so-called provision in Ether to cover for the gas costs should the transaction revert. If the offer
succeeds, the provision is returned to the maker. When an offer fails, a part of the provision is given to the taker to compensate for his lost gas costs.
A callback to the maker at the end of an exchange allows the maker to update his offer.
The system is administrated by the governance which can add/remove or pause token pairs or change the parameters of the system.
ChainSecurity has proved its ability to independently understand, thoroughly analyze, and help secure novel and complex smart contracts in a surprisingly short amount of time. We could not ask for a better auditing partner.
Adrien Husson, smart contract lead @ Mangrove
Summary
Swaap Finance implements an automated market maker protocol, with the intention to eliminate the losses of the liquidity providers, while enabling them to collect the fees from trades. This is achieved by dynamic
weighting of the underlying tokens and stochastic spread mechanism.
During the review, no critical issues were uncovered. All the uncovered issues have been mitigated or fixed. The most critical subjects covered in our audit are resistance to assets siphon attacks, stochastic process
simulation precision and integration with external systems. Security regarding all the aforementioned subjects is high.
The general subjects covered are trust model, functional correctness and specification quality. All the aforementioned subjects were of sufficient quality.
In summary, we find that the codebase provides a good level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Swaap Core V1
“Swaap is the first market-neutral automated market maker. It brings efficient features from traditional Market Makers on-chain to strongly reduce impermanent loss, a phenomenon that causes LPs & Traders to lose billions of dollars each year.
- Liquidity providers access profitable market-making strategies (farming). The protocol strongly reduces impermanent loss and offers multi-asset pools
- Traders enjoy lower trading fees. Indeed, the protocol does not need to charge traders high fees to compensate LPs for their impermanent loss.”
We have been amazed by the quality of the audit performed by Chainsecurity, as they not only assessed the code but also addressed the core maths logics. This has enabled us to provide a more robust system to our users.
David Bouba, Co-founder at Swaap Labs
Summary
StakeDAO implements an alternative to staking into Curve, Angle or Frax and earn additional rewards. Similar to Curve the reward allocation can be voted on by Stake Dao token holders who locked their stake Dao in return for voting escrowed Stake Dao.
The first code assessment was limited to three contracts (see Version 1 and Version 2 ). The issues found are tagged accordingly in this report. As a result of the first code assessment the documentation and inline comments were refined and enhanced, however there is still room for improvement. In the second stage of the code assessment, we reviewed most of the system as laid out in Scope.
We uncovered one high and one medium severity issue. In the high severity issue a wrong variable is used as index. The medium severity issue is already public. Angle tweeted about it and fixed it in their code base. The remaining issues are of low severity. A few low severity issues remain acknowledged or partially fixed but all other issues including higher severity issues were fixed accordingly.
The communication with the team was always professional and quick. We are happy to help in the future and conduct the review for the remaining contracts. The current code base provides a satisfactory level of security. Still, we recommend to always keep up with the testing and put enough time and efforts into testing edge cases.
It is important to note that security code assessments are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About StakeDAO Frax
“Stake DAO is a non-custodial platform where you can do more with your money. Easily grow, track, and control your assets right from your wallet.”
Summary
Oasis.app implemented an automated management solution for Maker’s collateralized debt positions (vaults). Users manage command triggers which are executed by bots. In the current implementation, users can allow the Automation smart contract to automatically close their vault position should the collateralization go below a certain threshold. All in all, no high severity issues were uncovered. All the issues have been addressed.
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are upgradability, unit testing and gas efficiency. Security regarding all the aforementioned subjects is high. The specification provided was comprehensive.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Oasis
“Oasis.app mission is to provide the best and most trusted entry point to deploy your capital and benefit from all of the potential in DeFi. You can just connect your wallet, and borrow Dai by opening a Vault using your preferred crypto as collateral (such as ETH, wBTC, USDC, LINK and many more).
(…)
DeFi platforms like Oasis.app are reimagining the way access to financial products work – helping investors to unlock the potential of cryptocurrency, without having to deal with high costs and third parties.
Besides the home made features, Oasis.app is integrating several solutions, like 1inch for liquidity and Uniswap Swap Widget, to improve more and more and make the UX as complete as possible.”
Chain Security's team showed a high level of professionalism in the essential/engineering area and communication. They were helpful and open for dialogue while providing expertise and recommendations. Oasis.app must be a product our users can trust. We look forward to continuing our work with Chain Security to assure this trust.
Lukasz Baksik, Head of Operations at Oazo Apps Ltd. (oasis.app)
Summary
The most critical subjects covered in our audit are the functional correctness and security of the DAI bridging mechanism, the functional correctness of the L2-DAI ERC-20 contract, the protection against censorship, and the functional correctness of relaying governance spells.
The documentation of the project contains a risk section discussing potential threats which helps the overall security of the project.
The security and the functional correctness of the reviewed version of the smart contracts is high, all critical and high severity issues uncovered in previous iterations of the review have been fixed.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project. Furthermore, due to the experimental nature of the L2 solution some risks remain.
The report will give an overview of the system, our methodology, the issues uncovered and how they have been addressed.
About MakerDAO: StarkNet DAI
MakerDAO implements a layer 2 DAI contract for StarkNet, a ZK-Rollup for Ethereum, and DAI bridging contracts from the layer 1 to layer 2. That also includes contracts for sending governance spells from layer 1 to layer 2.
—
“StarkNet is a permissionless decentralized Rollup operating as an L2 network over Ethereum. StarkNet allows any dApp to achieve unlimited scale for its computation, without compromising Ethereum’s composability and security, thanks to its reliance on the safest and most scalable cryptographic proof system — STARK. StarkNet is built on the Cairo programming language, the first production-grade Turing complete von-Neumann verifier on Ethereum.”
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
I would like to thank CS for their diligent work on StarkNet version of DAI. Their input greatly helped us improve our codebase. Looking forward to working with them in the future!
Maciej Kamiński (software engineer @ MakerDAO)
Summary
The most critical subjects covered in our audit are functional correctness, dependency on external contracts, and precision of arithmetic operations. Security regarding all the aforementioned subjects is high.
The general subjects covered are usage as a library, code complexity, documentation, specification, and gas efficiency. In general, these subjects are satisfactory. However, specification and documentation are non-existing, see Insufficient documentation, while code complexity is high due to complex control flows. That makes understanding the system and integrating with it difficult.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About 1inch – Farming
1inch implements two types of farming contracts. While the first one is a traditional farming contract where tokens need to be deposited for reward eligibility, the second one is as ERC-20 library contract which has farming capabilities built-in and, thus, allows for participating in multiple farms without requiring individual deposits in each one.
“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. General subjects covered were code complexity and gas efficiency. All the aforementioned subjects were of high quality.
In summary, we find that the codebase in its current state provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About
The current version of the DAI Wormhole allows fast withdrawal (called “teleport” in the project’s terminology) of DAI from a supported L2 solution onto L1 Ethereum. Using trusted oracles, the DAI can be issued on the receiver domain based on the promise that the amount will eventually be settled through the default bridge.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
.png)
Summary
ClayStack implements a staking pool implementation that simplifies the staking MATIC tokens on numerous Polygon validators. A user that joins the pool, locks MATIC tokens and gets csMATIC tokens that accumulate the rewards over time. The csMATIC tokens can be then burned, to get the locked MATIC tokens back.
The most critical subjects covered in our audit are the security of the pool and token contracts, the functional correctness and the safety of the deposited funds. Security regarding all the aforementioned subjects is high.
In the final iteration after the intermediate reports no issues remain open. Overall we find that the codebase in its current state provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About ClayStack Matic
“ClayStack is a decentralized liquid staking platform that enables you to unlock the liquidity of staked assets across multiple chains. You can stake your assets and use the issued staking derivatives across the DeFi ecosystem.”
Summary
All in all, only one medium importance issue was uncovered where the remaining amount after a loan repayment remains locked in the external position. Furthermore, a few more minor design issues are reported. All the issues have been corrected.
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. The general subjects covered are upgradability, unit testing and gas efficiency. Security regarding all the aforementioned subjects is high. The specification provided was comprehensive.
In summary, we find that the aforementioned modules to be added to the system of a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Extensions III Smart Contracts
The present report covers the implementation of the Fuse lending adapter, the Aave borrowing external position, the upgrade in the UniswapV3 external position where all liquidity NFTs are handled by the same external position and the USD to ETH price oracle.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
During the review, no important issues were uncovered. The most critical subjects covered in our audit are functional correctness, access control and precision of arithmetic operations. Security regarding all the aforementioned subjects is high. General subjects covered were code complexity, gas efficiency, documentation and specification. All the aforementioned subjects were of high quality.
In summary, we find that the codebase provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions II Smart Contracts
These extensions introduce small changes in the Sulu core (Protocol Fee: Conditional burn or transfer of $MLN, Position Limit is now an immutable, Overhead handling finalization of Synthetix has been removed, 1st action after creating an ExternalPosition). Additionally a simplified PerformanceFee, and a ConvexCurvePool staking wrapper have been reviewed.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)
Summary
The most critical subjects covered in our audit are the security of the new contracts, the functional correctness and the impact of these changes on the existing system.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – DSS Crop Join
DSS-Crop-join introduces support for new ilks with a join adapter facilitating the staking of the collateral tokens in a third party system to generate reward instead of simply holding the tokens at the join adapter. The generated reward is distributed amongst the users the collateral belongs to.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Source: https://makerdao.com/en/whitepaper/
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
During the review no important issue was uncovered. The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
General subjects covered were code complexity and gas efficiency. All the aforementioned subjects were of high quality.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – Curve LP & stETH oracle
The curve lp oracle contract implements a specialized oracle for the maker ecosystem that provides prices for lp tokens of a curve.finance pool. It determines the price based on the curve pools get_virtual_price() function. Its architecture is very similar to other pricefeeds such as e.g. the G-UNI LP Oracle. The stETH price feed implements a specialized oracle retrieving the price of stETH.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Source: https://makerdao.com/en/whitepaper/
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
MakerDAO implements a registry which allows users to only have one CDP ID per ilk. The registry will allow having an experience similar to the original proxy actions in the Charter and Cropper proxy actions.
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. The general subjects covered are gas efficiency, documentation and trustworthiness. Security regarding all the aforementioned subjects is high.
In summary, no issues were uncovered and we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – CDP registry
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
(Source: https://awesome.makerdao.com/#beginner-guides)
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The most critical subjects covered in our audit are functional correctness of the changed code and the impact of the change on the existing system.
In summary, we find that the introduced change works correctly and does not introduce a security risk. No issue was uncovered during the review.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – Rate Limited Flapper
MakerDAO added new functionality to the existing flapper contract: The amount of DAI under auction at the same time can now be limited.
It was a pleasure working with ChainSecurity. They maintained clear and direct dialogue with us and we look forward to working with them on future Layer 2 solutions to help us scale and grow the DAI ecosystem.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
Yearn Finance implements a partner tracker that tracks the vault deposits done over an affiliate partner. The tracked amount is simply the sum of all funds deposited via the partner into a specific vault.
We did not uncover any security related issues. Minor issues like unused imports or constants were found. Also, for a small code base we recommend to follow best practices and comment as well as document the code accordingly. All issues found were fixed accordingly.
In summary, we find that the codebase provides a high level of security.
About Yearn Finance – Partner Tracker
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
Avantgarde Finance implements extensions for Sulu. These extensions concern the implementation of a universal Curve adapter, the redemption of deprecated synthetic tokens for sUSD, improvements that allow users to repay their full Compound debt positions, the configuration of the name and the symbol of the shares of the funds, and the interaction with Olympus protocol.
During the review, no important issues were uncovered. All the minor issues have been fixed. The most critical subjects covered in our audit are functional correctness, access control and precision of arithmetic operations. Security regarding all the aforementioned subjects is high. General subjects covered were code complexity, gas efficiency, documentation and specification. All the aforementioned subjects were of high quality.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu extensions Jan ’22
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
Angle implements a decentralized, over-collateralized stablecoin protocol. This report is an extension to the main audit report and reviews the new Angle staking and surplus extension. The staking functionality has been changed completely. The surplus extension introduces an additional fee in the PoolMaster contract where a part of the profit of a strategy is taken as surplus, converted into the selected token and deposited into the FeeDistributor. The FeeDistributor later distributes to veAngle holders (long term admins).
The most critical subjects covered in our audit are the security of the new contracts, the functional correctness and the impact of these changes on the existing system.
Contrary to the extensive documentation which exists for the main Angle Protocol, no documentation exists for the new functionality. This not only makes the understanding of the code more difficult but also prevents this review from cross checking if the implemented behavior matches the expected and documented behavior. Instead we had to make assumptions on the expected behavior. Based on our discussions, we assume that the documentation will be published in a timely manner since the changes impact the agents in the current system, notably the standard liquidity providers.
In the final iteration after the intermediate reports no issues remain open while two issues are acknowledged. The functional correctness is high.
Overall we find that the codebase in its current state provides a high level of security.
About Enzyme Sulu extensions Jan ’22
“Angle is the first over-collateralized, decentralized and capital-efficient stablecoin protocol. Thanks to the liquidity providers it uses, the protocol proposes full convertibility between stable assets and collateral, meaning that it is possible to swap collateral against stable assets, and stable assets against collateral at oracle value. This makes the protocol not only capital efficient but also highly liquid.
Angle Protocol could be used to issue any stablecoin, and will start at launch on mainnet with a stable Euro. Besides creating the first liquid Euro stablecoin, the goal of Angle is to create stablecoins for almost all Forex currencies, including the US Dollar.”
Chainsecurity managed to rapidly understand and analyze a code that has been partially forked. They understood in an impressively low amount of time why Angle made changes and how these changes could impact the whole system! Once again, we thank them for their flexibility and rigor!
Pablo Veyrat, Core Contributor @ Angle Protocol
Summary
ChainSecurity reviewed the smart contracts of the Gearbox system. A detailed system description can be found in our report.
All the issues uncovered by the current review have been fixed, except for a low-level design issue which was only partially addressed.
About Gearbox
“Gearbox is a generalized leverage protocol: it allows you to take leverage in one place and then use it across various DeFi protocols and platforms in a composable way. The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.
The core vision is to become a backend composable leverage protocol that all kinds of users have but don’t even need to interact directly with any interface. You can envision building your own DeFi protocol and just making a “take leverage with Gearbox” as a button. And bam – your users are now more capital efficient. Or integrate Gearbox into a platform like Zerion or Zapper.”
ChainSecurity has been an invaluable partner for us since the initial version of Gearbox. Their team pays close attention to every detail, prioritizing quality over quantity by carefully selecting the best auditors. This ongoing collaboration has transformed them into true partners in our journey, helping us develop the protocol safely.
0xMikko, Inventor of Gearbox Protocol
Summary
The present report covers the implementation of the extension for UniswapV3-LP, the adapters for PoolTogetherV4 and ParaswapV5, the list attestation for the Address List Registry as well as the Fund Value Calculator and its wrappers. All in all, only minor issues were uncovered which were addressed.
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. The general subjects covered are upgradability, unit testing and gas efficiency. Security regarding all the aforementioned subjects is high. The specification provided was comprehensive.
In summary, we find that the aforementioned modules to be added to the system of high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions Dec ’21
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
The Direct Deposit Module (D3M) enables the interaction of the Maker ecosystem with third-party lending pools. DssDirectDepositAaveDai is a smart contract of this module that enables the transaction of DAI tokens from Maker to the respective lending pool of Aave. The goal of this smart contract is to ensure that the maximum variable interest rate for borrowing stays below a targeted interest rate decided by the Maker governance. In Aave, the variable interest rate of a pool depends on the utilization of that pool, which is the ratio of the total debt taken over the total liquidity put in the pool. Therefore, the higher the utilization of a pool, the higher becomes the variable interest rate. This strategy motivates liquidity providers to deposit capital in the pool when utilization is high.
The goal of DssDirectDepositAaveDai is to limit the maximum variable interest rate for the DAI pool in Aave by depositing or withdrawing DAI from the pool as needed. To achieve this functionality, the DssDirectDepositAaveDai needs:
- to be an authorized ward in the Vat, and
- operate on a special ilk.
The essential feature of this ilk is that it allows the DssDirectDepositAaveDai to generate DAI tokens on the fly without requiring a traditional collateral in another token. The ilk should have the rate set to 1, and the spot price fixed to 1. Note that, the generated DAI over this ilk can only be transferred to the DAI pool in Aave, hence the ink that the contract has in Vat is backed with the aDAI (interest-bearing token in Aave pegged to the value of DAI at 1:1 ratio) the contract holds. This way, the aDAI amount owned by DssDirectDepositAaveDai in Aave serves as ink in this special ilk for the generated DAI. It is important to note that the Aave pool is fully trusted to behave correctly. Whenever the variable interest rate of the pool is below the targeted threshold, DssDirectDepositAaveDai withdraws (if possible) liquidity from the pool and pays back the DAI debt in Vat and destroys the respective gem amount. Finally, all interests earned in the Aave pool by the contract are transferred to the Vow contract.
About MakerDAO – Direct Deposit Module (D3M)
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
DSS-Charter introduces a permissioned vault manager which allows users to take debts with origination fees instead of standard fees of Maker (stability fee). This is targeted for institution which have off-chain agreements with Maker. The fee is accrued when debt is taken and in exchange those urns feature fix/beneficial lending rates. For this, special ilks (collateral types) will be enabled in the Vat of the Maker system. These ilks use a special join adapter, which is also part of this review (join-managed). The join-managed adapter ensures that entrance/exit of collateral happens through the CharterManager only, and the CharterManager contract ensures that this is done only for urnproxys.
The receiver of the fee in form of generated DAI is the VOW Contract (Settlement Engine).
Anyone may open an urnproxy at the CharterManager contract and deposit collateral in form of a supported ilk. Apart from permissioned vaults, un-permissioned vaults may be supported as well. Note
that, by default the un-permissioned mode is enabled for any ilk where any user is allowed to draw debt. The mapping gate allows wards to enable the permissioned mode per ilk. For ilks with the permissioned mode enabled, only whitelisted accounts, namely accounts that have received a non-zero debt ceiling may draw debt. Attempts of un-permissioned vaults to draw debt for those ilk fails as their debt ceiling is zero.
Joining or exiting collateral and repaying debt (call to frob() with dart less or equal to zero) are indifferent between permissioned and unpermissioned vaults for any ilk. The intended use is that each user executes the DssProxyActionCharter code through his own DSProxy.
Note that it’s nevertheless possible to directly interact with the CharterManager.
About MakerDAO – DSS
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
It was a pleasure working alongside ChainSecurity throughout the audit of our smart contracts and oracles. They maintained clear and direct dialogue with us, and an attention to detail that covered all bases. We look forward to working with them on future solutions to help grow the adoption of DAI.
Derek Flossman, Head of Protocol Engineering Core Unit (MakerDAO)
Summary
The planned merge of Keep Network (KEEP token) and NuCypher (NU token), will form a new network called Threshold network with a new native token called T. The contracts under review offer KEEP and NU holders to wrap and unwarp their tokens into the newly created T tokens and a staking contract to stake them but simultaneously supports the legacy staking contracts.
About Threshold Network
Threshold Network is a decentralized threshold cryptography network with its genesis in the merger of the NuCypher and Keep networks. It provides developers with a suite of threshold cryptography primitives including threshold signatures, proxy re-encryption, distributed key generation, and a random beacon. It’s used by developers to build asset bridges (such as tBTCv2, a decentralized wrapped Bitcoin) as well as data privacy and access controls into their applications.
We’re very thankful for the opportunity to collaborate with ChainSecurity on their security audit of the Threshold Network, the new network formed by the merger of NuCypher and Keep. The staking contracts in Threshold are complex: needing to account for T, NU, and KEEP stakers on one hand and multiple services (proxy re-encryption, tBTC, the random beacon, and more) on the other. ChainSecurity developed a holistic understanding of the system and its key parts, delivering an actionable review and suggestions that directly benefited and improved the contracts being reviewed.
MacLane Wilkison, Co-founder & CEO (NuCypher)
Summary
In our initial report, we reviewed the smart contracts of the multiply smart contracts. In this new report, we review an updated version of those smart contracts.
The flashloan provider was replaced to be the Maker Flash Mint Module. Now, instead of the AaveLendingPoolProvider’s address, the address of the flashloan provider is directly passed. However, any address implementing EIP-3165 can be passed as an argument.
Furthermore, the flashloan provider remains fully trusted.
About Oasis Multiply FMM extension
“Oasis.app mission is to provide the best and most trusted entry point to deploy your capital and benefit from all of the potential in DeFi. You can just connect your wallet, and borrow Dai by opening a Vault using your preferred crypto as collateral (such as ETH, wBTC, USDC, LINK and many more).
(…)
DeFi platforms like Oasis.app are reimagining the way access to financial products work – helping investors to unlock the potential of cryptocurrency, without having to deal with high costs and third parties.”
Chain Security's team showed a high level of professionalism in the essential/engineering area and communication. They were helpful and open for dialogue while providing expertise and recommendations. Oasis.app must be a product our users can trust. We look forward to continuing our work with Chain Security to assure this trust.
Lukasz Baksik, Head of Operations at Oazo Apps Ltd. (oasis.app)
Summary
The review up to the intermediate report was done in two phases. After the intermediate report all raised issues have been addressed. Overall, the implementation and its documentation are of a high standard. Apart from the new functionality, the codebase is largely unchanged from the previous release except for some refactoring.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Protocol v4 Sul
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
“Primitive is an oracle-free solution to scalable and efficient on-chain derivatives, reflecting our belief that the future of decentralized finance should not depend on expensive (and often brittle) oracles.”
(Source: Primitive Finance)
About Primitive Finance – Core engine smart contracts
“The features on launch include:
- Concentrated fungible liquidity
- Liquidity pool tokens that replicate covered call options
The protocol can be used for:
- Earning swap fees as a liquidity provider
- Swapping between tokens of underlying pools
- Building structured products using the composable liquidity pool tokens
- Creating liquidity pools for any token pair
Out of the box, Primitive is the base infrastructure for an oracle-free DeFi and the future of on-chain derivatives.”
Summary
NFTfi offers a platform for receiving loans while offering an NFT as collateral. The current system supports peer-to-peer loans. Meaning, a borrower offers an NFT as collateral and a lender transfers ERC-20 tokens to the borrower. In case the payback time is exceeded, the lender has the right to liquidate the loan and withdraw the NFT from the lending contract. Furthermore, renegotiations of the loan terms are possible in the NFTfi Marketplace.
About NFTfi
“NFTfi is the leading peer-to-peer liquidity protocol for NFTs. Since May 2020, it allows NFT holders to use the NFT they own to access the liquidity they need, by receiving secured ETH and DAI loans from liquidity providers peer-to-peer. NFT liquidity providers use NFTfi to earn attractive yields or – in the case of loan defaults – to have the chance to obtain NFTs at a steep discount to their market value.
NFTfi’s vision is to build a fully decentralized, permissionless, user-owner public utility, supporting the seamless financialization of NFT based economies through innovative mechanisms and highly user-friendly applications.”
Source: NFTfi Team
The audit process was so much more pleasant and constructive than I imagined - I expected something much more clinical to be honest!
Ryan Lemmer, CTO
Summary
The Angle Protocol offers investment opportunities for different kinds of actors. The protocol brings together:
- Stable Seekers: Actors looking to exchange a certain collateral token into a stable asset and back at the current market rate
- Hedging Agents: Actors looking for a perpetual future in order to increase the leverage on their collateral
- Standard Liquidity Providers: Actors looking to increase the interest earned by their collateral
The Angle Protocol issues three kinds of tokens:
- Stablecoins such as e.g. AgEur
- SanTokens for Standard Liquidity Providers representing their contribution
- Perpetuals which are technically NFTs
For each Stablecoin (e.g. AgEUR) a StableMaster is deployed. For each StableMaster the supported collaterals can be added individually. For each collateral of a StableMaster, a SanToken and a PerpetualManager are deployed.
Such a market issuing stablecoins must be collateralized at all times. Hedging Agents cover the collateral brought by stable seekers against price decrease. As no perfect match will exist at any time given, standard liquidity providers add additional liquidity in form of collateral while being able to earn interest accrued by the whole amount of this collateral held by this stablemarket. Variable fees play a vital role in the system. Overall the demand between the participants should be balanced for the system to work properly. To achieve this, the fees depend on the current state of the system. Actions balancing the system are cheaper compared to actions bringing the system into an even more unbalanced state where the fees increase accordingly. Many parameters exist for the governance to fine tune the fees system. For the proper working of the system the correct choice of these incentives is vital.
The system is governed by a DAO. Most contracts are upgradable through a proxy pattern.
About Angle Protocol
“Angle is the first over-collateralized, decentralized and capital-efficient stablecoin protocol. Thanks to the liquidity providers it uses, the protocol proposes full convertibility between stable assets and collateral, meaning that it is possible to swap collateral against stable assets, and stable assets against collateral at oracle value. This makes the protocol not only capital efficient but also highly liquid.
Angle Protocol could be used to issue any stablecoin, and will start at launch on mainnet with a stable Euro. Besides creating the first liquid Euro stablecoin, the goal of Angle is to create stablecoins for almost all Forex currencies, including the US Dollar.”
Chainsecurity did not only run a thorough static analysis of our code like a normal auditor would do, but they also made the effort to understand the Angle protocol as a whole, helping us make our code safer and our protocol more efficient!
They were the perfect partner for us building a highly complex system!
Pablo Veyrat, Core Contributor @ Angle Protocol
%20deposit.png){kind=tracking}
Summary
ChainSecurity has performed a smart contract audit of POA Network’s SBC deposit (Stake Beacon Chain). The issues identified by ChainSecurity have all been corrected by POA Network.
POA Network offers a Stake Beacon Chain (SBC) deposit contract that is supposed to be used by stakers in the context of a Proof-of-Stake consensus. Stakers will first come to an agreement with a validator node about the amount to stake, then it will deposit the agreed-on stake amount to a deposit contract, such as the one proposed by POA Network.
The contract is based on the original Ethereum 2.0 deposit contract, but SBC Deposit adds extended functionality to it:
- ERC20 deposits: Stakers can deposit ERC20 STAKE tokens instead of native tokens
- batch deposits on top of normal deposits: batch deposits are fixed at 32 STAKE per deposit and normal deposits are floored to 1 STAKE
- support for ERC677: Adds a hook on ERC20 tokens transfer to trigger token receiver
- upgradeability: A proxy pattern is used to have the ability to upgrade the implementation contract
- claimability: An admin is able to withdraw any mistakenly sent non-STAKE tokens (ERC20 or native) in order to give them back to their owners
- contract can be paused: This functionality is only available for the admin
As the original contract, StakeDepositContract implements an incremental Merkle tree algorithm to keep track of the deposits’ history. It can contain up to 2^32 – 1 deposit records and allows root computation in O(log(n)).
About POA Network – “Stake Beacon Chain (SBC) deposit
“POA Core is an autonomous network secured by a group of trusted validators. All validators on the network are United States notaries, and their information is publicly available. This distributed group of known validators allows the network to provide fast and inexpensive transactions.
POA organization also develops products and tools to improve interoperability, infrastructure and transparency throughout the ecosystem. These include BlockScout, an open-source explorer, TokenBridge, a multi-chain asset-transfer solution.”
“We keep coming back to Chain Security for our protocol and contract audits! Their team is top-notch, delivering comprehensive reviews, fast turnaround, and collaboration from start to finish to ensure our code is of the highest quality and as secure as possible.”
Igor Barinov, POA Network
Summary
HOPR is building a privacy-focused network featuring a built-in incentive model. The reviewed HoprChannels contract allows nodes to create a payment channel between each other and authorize transfer of HOPR token between them. These transfers are done via a ticket system, where each ticket has a certain predefined probability to win. Winning causes a transfer of tokens between the channel participants. On a code level the channels are unidirectional, meaning channel “A to B” is not equal to “B to A”.
To keep the whole process fair, the winning probability depends on variables that are unknown in advance. For each ticket emitted by A for the “A to B” channel, B has a commitment that is unknown to A. Meanwhile, B does not know this proof of relay in advance and has to transfer the message further to the network to know it. This process makes HOPR’s proof-of-relay incentive mechanism cheat-proof and ensures relay node operators actually do their work to get paid.
Each of these unidirectional channels has “channelEpoch”, “ticketEpoch”, and “ticketIndex” as associated variables, which the ticket emitter is assumed to take in account during the generation.
About HOPR-Payment Channels
“The HOPR protocol is a layer-0 privacy foundation for anyone to build on, providing network-level and metadata privacy for every kind of data exchange. A mixnet protects the identity of both sender and recipient by routing data via multiple intermediate relay hops that mix traffic. Payments are handled via probabilistic micropayments, HOPR’s custom layer-2 scaling solution. Relay mix nodes are rewarded for their work in HOPR tokens. HOPR’s proof-of-relay mechanism protects the network from dishonest behaviour, providing everyone with economic incentives to run a global privacy network sustainably and at scale without compromising privacy.”For more information, visit https://hoprnet.org
The entire HOPR team is once again grateful for the highly professional audit by ChainSecurity. Our payment channel and proof-of-relay mechanism is an intricate design that was rapidly understood and evaluated by their auditors, who then delivered an excellent review to help the HOPR community keeping funds in the HOPR payment channels SAFU.
Dr Sebastian Bürgel, HOPR Founder
Summary
ChainSecurity audited Curve Finance’s s ETH / ETH smart contract.
The reviewed project consists of one smart contract StableSwapETH.vy written in the Vyper programming language. It implements a liquidity pool based on an invariant called StableSwap and described in Curve’s whitepaper.
About Curve Finance – “Curve ETH / sETH”
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
%20%E2%80%93%20NameWrapper.png)
Summary
ChainSecurity audited ENS’ namewrapper smart contracts.
The provided contracts implement a wrapper which allows for ENS names to be wrapped as ERC1155 tokens. Moreover, it introduces a set of fuses for each domain name which facilitate permission control.
About Ethereum Name Service (ENS) – NameWrapper
“The Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain.
ENS’s job is to map human-readable names like ‘alice.eth’ to machine-readable identifiers such as Ethereum addresses, other cryptocurrency addresses, content hashes, and metadata. ENS also supports ‘reverse resolution’, making it possible to associate metadata such as canonical names or interface descriptions with Ethereum addresses.”
Summary
ChainSecurity audited the Oasis “Multiply” smart contracts.
Oasis provides a frontend for interacting with the Maker system which allows users to easily open a vault, deposit collateral and generate DAI backed by the locked collateral. Each user first deploys a DSProxy contract which is used to interact with the functionality provided. The proxy allows the user to execute code of the Oasis smart contracts aggregating functionality to perform certain actions wrapped in one transaction.
Like leverage trading that creates a larger position from a smaller investment amount, it is possible to use borrowed DAI from locked collateral to buy more collateral and use this collateral to borrow more DAI. By doing this repeatedly, long chains of exposure to the collateral can be generated. The new MultiplyProxyActions introduces the support for leverage actions while reducing the number of total transactions to one and the total number of transfers to the vault to one deposit by leveraging flash loans. Oasis’ new MultiplyProxyActions contract contains functionality allowing users to easily increase and decrease the multiply factor and, thus, simplifies actions for creating, withdrawing and modifying leveraged positions.
About Oasis – Multiply Smart Contracts
“Oasis.app mission is to provide the best and most trusted entry point to deploy your capital and benefit from all of the potential in DeFi. You can just connect your wallet, and borrow Dai by opening a Vault using your preferred crypto as collateral (such as ETH, wBTC, USDC, LINK and many more).
(…)
DeFi platforms like Oasis.app are reimagining the way access to financial products work – helping investors to unlock the potential of cryptocurrency, without having to deal with high costs and third parties.”
Chain Security's team showed a high level of professionalism in the essential/engineering area and communication. They were helpful and open for dialogue while providing expertise and recommendations. Oasis.app must be a product our users can trust. We look forward to continuing our work with Chain Security to assure this trust.
Lukasz Baksik, Head of Operations at Oazo Apps Ltd. (oasis.app)
Summary
ChainSecurity performed a smart contract audit of MakerDAO Optimism DAI bridge smart contracts.
Amazingly, we identified no findings above low severity, which is an extremely rare occurence.
We congratulate the MakerDAO Protocol Engineering Core Unit for their excellent work.
About MakerDAO – Optimism DAI Bridge
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance. Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.
Summary
ChainSecurity performed a smart contract audit of Rarible’s staking contract, ERC721 token contract, and ERC1155 token contract.
ERC 721 and ERC1155
The ERC721 and ERC1155 contracts are build using OpenZeppelin’s upgradeable token templates. The following additional functionality was implemented:
- Multiple creators. A minted token is associated with one or multiple creators, namely the addresses that signed the minting data. Each creator of a token owns a share of it. The shares of a token need to add up to 10000, which represents 100% with 2 decimal places of precision.
- Mint and transfer. The function mintAndTransfer receives the minting data and signatures of creators, and then mints and transfers a token within the same contract call. The first creator of the token is the minter of the token. The mintAndTransfer function needs to be called by the minter or by a party approved by the minter.
- Default operators. The owner of the contract can assign the role of default operator. A default operator can transfer tokens of any user of the contract without prior approval from the user. The approval of a default operator cannot be revoked, and they can mintAndTransfer tokens on behalf of any minter.
There also a “User” version of the ERC721 and ERC1155 token contracts that does not have the “default operator” functionality. According to Rarible., these contracts are meant to be deployed using a proxy factory. They enable users to have their own contracts with the mintAndTransfer functionality. The minter of tokens on these contracts can only be the owner of the contract.
Staking contract
Staking contract allows users to lock ERC20 tokens for a period of time. The smallest unit of time that the contract tracks is one week. Each individual stake is identified by an ID and consists of 2 lines. The first
line is the lock line and it is defined by the following 3 parameters:
- Bias – the amount of tokens that the user locks inside the contract.
- Slope – the mount of tokens that are unlocked every week.
- Cliff – the period (in weeks), during which there is no unlocking.
The second line is the stake line, which equals the lock line scaled (multiplied) by a coefficient. That coefficient is computed based on cliff and slope period durations of the lock line. The longer any of the
two periods is, the greater the scaling coefficient will be. Each unique stake is associated with an owner and a delegate addresses. The delegate address is the address whose stake balance is increased by the
stake line of the given stake. The stake balance of the delegate address is the sum of all stake lines of all stakes that are delegated to it. The owner of a line can do following actions with the lock lines:
- Change the delegate of a stake line using the delagateTo function.
- Delete an existing lock line (identified by its ID), as well as update a lock line with a new bias and slope, provided that the bias is above the current locked amount and the new line terminates no earlier than the original line. That can be done by using restake function.
- Withdraw the already unlocked funds from all owned stakes.
The amount still locked is determined by the sum of all lock lines owned by address. The staking is assumed to be done with the Rari ERC20 token . The staking contract can be stopped by the contract’s owner. After stopping, no stakes can be created or changed. Users can withdraw all the tokens that they had in the contract. The contract’s owner can put the staking contract into a migration mode. In this mode stakes can be created and changed, but the user can also migrateTo specific ID stakes into a new contract.
About Rarible – Staking, ERC 721, ERC 1155
“Rarible is a software allowing digital artists and creators to issue and sell custom crypto assets that represent ownership in their digital work.
Of note, Rarible is both a marketplace for those assets, as well as a distributed network built on Ethereum that enables their trade without a middleman.
The tokens that creators generate on Rarible are known as non-fungible tokens (NFTs). Each NFT is unique, and unlike bitcoins (or other units of money), they are not interchangeable. This property is known as fungibility, which is why tokens on Rarible are called non-fungible.”
Summary
ChainSecurity performed a smart contract audit of the HOPR token smart contracts.
The HOPR token implementation extends the ERC777 with a snapshot ability. Because of the data types employed, a maximum of 3.4*10^20 tokens (with 18 decimals) can exist. An additional distribution contract manages different vesting schemes. The token must be minted via a minter role, since the distribution contract calls the mint function to distribute the token. Additionally, a default admin role exists to grant permissions to the minter role. The token distribution is flexible and one account can be part of different distribution schemes.
No critical severity findings were reported. There were two high severity findings, one medium severity finding and six low severity findings. All have now been fixed in the code, with the exception of one low severity finding related to theoretical snapshotting gas costs, where the risk has been temporarily accepted.
See the report for more information on our findings.
About Hopr – Hoprnet Token
“The HOPR protocol is a layer-0 privacy foundation for anyone to build on, providing network-level and metadata privacy for every kind of data exchange. A mixnet protects the identity of both sender and recipient by routing data via multiple intermediate relay hops that mix traffic. Payments are handled via probabilistic micropayments, HOPR’s custom layer-2 scaling solution. Relay mix nodes are rewarded for their work in HOPR tokens. HOPR’s proof-of-relay mechanism protects the network from dishonest behaviour, providing everyone with economic incentives to run a global privacy network sustainably and at scale without compromising privacy.”For more information, visit https://hoprnet.org
The ChainSecurity team went the extra mile to ensure the HOPR token and distributor contracts are secure. They even identified and resolved a complex issue in the ERC777 implementation by OpenZeppelin that's used by many projects in the space.
Dr Sebastian Bürgel, HOPR Founder
Summary
ChainSecurity performed a smart contract audit of POSDAO, with a main focus on the configuration for the xDAI POSDAO AuRa implementation.
The smart contracts reviewed implement the configurable logic for the operation of a POSDAO network. The actual configuration implemented corresponds to the settings for the xDAI POSDAO AuRa network. These smart contracts are used by the client software (currently OpenEthereum or Nethermind) to determine how to run the proof of stake network. Amongst others, this includes the logic to determine the set of active validators and the block rewards. The client software is configured accordingly through the genesis configuration of the chain and the core smart contracts expose standardized functions which the client queries. A staking contract deployed on chain allows participants to stake (either the native coin of the chain or tokens, depending on configuration) and to participate in the consensus.
See the report for more information on our findings.
About POA Network – POSDAO
POSDAO is a project from POA:
“POA Core is an autonomous network secured by a group of trusted validators. All validators on the network are United States notaries, and their information is publicly available. This distributed group of known validators allows the network to provide fast and inexpensive transactions.
POA organization also develops products and tools to improve interoperability, infrastructure and transparency throughout the ecosystem. These include BlockScout, an open-source explorer, TokenBridge, a multi-chain asset-transfer solution.”
ChainSecurity has a thoughtful and thorough approach to their auditing process, which is not always the case with security auditing firms. Communication was excellent throughout; their high level of scrutiny, attention to detail, and understanding of complexities helped improve our OmniBridge contracts.
Igor Barinov, POA Network
Summary
ChainSecurity performed a smart contract audit of Rarible Exchange v2.
Exchange V2 implements two main functionalities: order matching (matchOrder) and order cancellation (cancelOrder).
When a pair of valid orders is matched, at least one of the orders gets fully filled. Then, the fees and royalties are paid to the corresponding parties. The filling of the order is measured by the received take asset of the order. Due to flooring of the estimation of the remaining make amount from remaining take amount, some leftover make assets can be unsellable. Depending on the arrangement of arguments, the two orders of the pair are named Left and Right. An order is valid if its signature is valid or the invoker of the matchOrder is also the maker of the order.
A pair of orders is matchable if:
- For both orders, the receiver (taker) of the order, if defined, is the same as the offerer (maker) of the other one. If no taker is defined any offerer can match.
- The asset types used in the orders match, meaning the make asset type of one order should match the take asset type of other order.
- The make/take ratios of orders allow them to be filled. In other words, the seller and buyer can agree on the price. In case of matchable but different prices the left order dictates the price of the exchange. Because of the uint arithmetics, prices are estimated by uint and checks prevent price slippage with 0.1% accuracy.
The orders can be separated into two categories:
- Salted orders: In these orders a salt (a random number) is defined. The status of these orders is stored on the blockchain. An order can be partially filled. These orders can be canceled.
- Ad-hoc orders: they have salt set to 0 and need to be sent to contract directly by the maker. Filling degree tracking is off for such orders, while only the maker can resubmit the order.
A normal order is canceled by setting its filling degree to the maximum possible value. Cancellation of the order is possible only by the maker of the order.
About Rarible – “Exchange V2” smart contracts
“Rarible is a software allowing digital artists and creators to issue and sell custom crypto assets that represent ownership in their digital work.
Of note, Rarible is both a marketplace for those assets, as well as a distributed network built on Ethereum that enables their trade without a middleman.
The tokens that creators generate on Rarible are known as non-fungible tokens (NFTs). Each NFT is unique, and unlike bitcoins (or other units of money), they are not interchangeable. This property is known as fungibility, which is why tokens on Rarible are called non-fungible.”
Summary
The Unslashed-Enzyme Bridge system has been audited by ChainSecurity. The smart contract reviewed implements a bridge between Unslashed and Enzyme.
Enzyme is an on-chain asset management system supporting interactions with all major DeFi applications. Unslashed is a decentralized insurance protocol supporting many different markets. Furthermore, it allows for multiple markets to be bundled in a basket. This enables users to provide collateral for the whole basket instead of individual markets.
Read our report to find out more.
About “Unslashed Enzyme Bridge”
“Enzyme empowers you to build and scale vaults based on the investment strategies of your choice – from discretionary and robo to ETFs and market making. Security is our priority. Our second generation smart contract-enforced platform is thoroughly tested and audited before any mainnet deployments are made.”
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (Enzyme CEO)