Summary
The most critical subjects covered in our audit are the correct implementation of the PegKeeperV2 and the PegRegulator, the handling of assets by the PegKeeper, and attack vectors based on the manipulation of the liquidity and price oracles. No major issues were uncovered during the review. All the issues have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, gas efficiency, documentation, and specification and testing. The security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Curve implements PegKeeperV2 a more fine-grained version of PegKeeper. The goal of PegKeeperV2 is to maintain the peg of CRVUSD in its stablepools by adding or removing liquidity in the form of CRVUSD.
—
About Curve PegKeeperV2
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
Summary
The most critical subjects covered in our audit are the functional correctness of the contracts, the oracle configuration, and the interaction with the rest of the Gearbox system. No severe issues were uncovered. All the issues reported have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, documentation and specification, gas efficiency, and the complexity of the implementation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Gearbox V3 Oracles
Gearbox Protocol extends and refactors the oracle functionality used by the Gearbox Core V3.
—
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, absence of reentrancy possibilities, handling of funds and precision of arithmetic operations. Security regarding all is generally good. Security regarding functional correctness is good as long as drying out the Aave pool on purpose, see Provoking an Aave Liquidity Crisis, is unprofitable based on the borrow and supply caps, and the flashloan fees.
The general subjects covered are code complexity, error handling, unit testing, documentation, specification, gas efficiency, trustworthiness and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove Strategies
Mangrove Association updated the existing strategies Mangrove Order, implementing Good-till-cancelled and Fill-or-kill orders, and Kandel, a “buy low, sell high” market-making strategy that leverages the Mangrove core system, while optimizing the capital efficiency by supplying the idle funds on AaveV3. The code was mainly adapted for compatibility with the changes made in the core. Additionally, the changes include some simplifications.
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
Summary
Even though the codebase is complex, we did not find any severe issues. The code quality is good and Mangrove provides a good documentation for their project.
The general subjects covered are functional correctness, security and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove core
Mangrove Association (ADDMA) implements an order book-based exchange where makers can post offers that are essentially promises to trade a certain token pair for a specified amount.
Takers can take these offers. When a taker takes an offer, the maker’s smart contract is called and needs to fulfill the promise to exchange the tokens. If the maker does not meet their obligation, a pre-defined gas reimbursement will be given to the taker. Makers need to deposit the funds to reimburse takers when creating the offer.
The project allows participants full control over their funds up until they can really be exchanged. Hence, avoiding idle or stale funds waiting for order execution. This version implements a new internal data structure, using a tree of bitmaps in order to efficiently find the next-best offer in the order book.
—
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
Summary
The most critical subjects covered in our audit are security vulnerabilities and the validity and integrity of the state and storage proofs. Amongst others, the following issues have been uncovered:
- Broken CairoLib Dependency
- MMR: Verify Against An Intermediate Node Is Possible
- Empty/inexistent storage slots can not be provenAll high severity issues have been resolved.The general subjects covered are functional correctness, robustness and usability.
In summary, we find that the codebase provides a good level of security. It’s worth noting that more thorough testing could have identified most of these issues early. Moreover, there is still room for enhancement in the testing processes. Core functionality of the project is tested with minimal test cases only.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Herodotus on Starknet
Herodotus provides a bridge between Ethereum’s L1 and Starknet’s L2, allowing for trustless proofs of state and storage values of Ethereum accounts on Starknet. Data integrity is ensured through on-chain verification mechanisms leveraging Merkle Mountain Range (MMR) and Merkle Patricia Trie (MPT) verifications.
—
“Herodotus is a powerful data access middleware that provides smart contracts with synchronous access to current and historical on-chain data across Ethereum layers.”
Summary
The most critical subjects covered in our audit are security vulnerabilities and the validity and integrity of the state and storage proofs. Amongst others, the following issues have been uncovered:
- Broken CairoLib Dependency
- MMR: Verify Against An Intermediate Node Is Possible
- Empty/inexistent storage slots can not be provenAll high severity issues have been resolved.The general subjects covered are functional correctness, robustness and usability.
In summary, we find that the codebase provides a good level of security. It’s worth noting that more thorough testing could have identified most of these issues early. Moreover, there is still room for enhancement in the testing processes. Core functionality of the project is tested with minimal test cases only.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Herodotus on Starknet
Herodotus provides a bridge between Ethereum’s L1 and Starknet’s L2, allowing for trustless proofs of state and storage values of Ethereum accounts on Starknet. Data integrity is ensured through on-chain verification mechanisms leveraging Merkle Mountain Range (MMR) and Merkle Patricia Trie (MPT) verifications.
—
“Herodotus is a powerful data access middleware that provides smart contracts with synchronous access to current and historical on-chain data across Ethereum layers.”
Summary
The most critical subjects covered in our audit are functional correctness, access control and standard compliance. Security regarding standard compliance is high. Security regarding access control has been improved since the first iteration of this report (see permission can be bypassed in transferFrom()). Additionally, a critical issue allowing users to spend encumbrance of other users in certain cases has been disclosed and fixed by Compound after the first iteration of this report: Encumbered balances can be transferred. Functional correctness is now extensive.
The general subjects covered are code complexity and quality of specification documentation. Some inconsistency has been identified in the specifications, see Incorrect specs, which was corrected.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Compound SUPTB
Compound implements an EIP-7246 (under review) compliant token SUPTB (Superstate short-term U.S. government bonds) and a permission list contract. It introduces a new feature: Encumbrance on top of ERC-20 to separate the ownership of tokens from the right to transfer them.
—
“Compound is a protocol on the Ethereum blockchain that establishes money markets, which are pools of assets with algorithmically derived interest rates, based on the supply and demand for the asset. Suppliers (and borrowers) of an asset interact directly with the protocol, earning (and paying) a floating interest rate, without having to negotiate terms such as maturity, interest rate, or collateral with a peer or counterparty
Each money market is unique to an Ethereum asset (such as Ether, an ERC-20 stablecoin such as Dai, or an ERC-20 utility token such as Augur), and contains a transparent and publicly-inspectable ledger, with a record of all transactions and historical interest rates.”
Summary
The most critical subjects covered in our audit are access control and functional correctness. All raised issues have been addressed accordingly. The most critical issue found in the assessment was related to incorrectly counted votes in InclusionVote (see Blank Votes Not Counted).
In summary, we find that the codebase now provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn yETH Governance
Yearn implements an on-chain governance system for yETH and the new contracts. They allow st-yETH holders to vote for generic proposals and Pool parameter changes.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – ArrangerConduit
MakerDAO implements a contract that is used to give access to funds of Maker SubDAOs to external actors for the purpose of investment into real-world assets.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness and frontrunning resistance. Functional correctness is high.
While the conduit withdraw() function can be frontrun, the function is only called by members of the SubDAO which are able to mitigate the risk, if necessary, by using more private channels for the inclusion of such transactions into the blockchain.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO SparkLendConduit
MakerDAO implements a conduit contract for funnelling sNST into Spark, an Aave v3 fork.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control. Security regarding functional correctness and access control is high, while security regarding asset solvency is improvable, see No Functionality to Recover From Bridge Failure.
The general subjects covered are code complexity, upgradeability, trustworthiness, documentation, and gas efficiency. Contracts in scope of this assessment are not upgradeable and have limited privileged roles. The code is well written. The documentation is improvable and the codebase could be more gas efficient, see Findings.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Frankencoin Smart Contracts
The Frankencoin system is a set of smart contracts that issue the Frankencoin (ZCHF) on-chain, a stablecoin that is supposed to be pegged to the Swiss Franc. Each Frankencoin minted is backed either by collateral assets or other trusted Swiss Franc stablecoins. The governance of the system is based on veto rights of shareholders that control at least 2% of the total voting power.
“Frankencoin is a collateralized, oracle-free stablecoin that tracks the value of the Swiss franc. Its strengths are its decentralization and its versatility.”
.svg)
Summary
The most critical subjects covered in our audit are functional correctness, access control, denial-of-service, precision of arithmetic operations, and reentrancy. Security regarding all the aforementioned subjects is good.
The general subjects covered are gas-efficiency, documentation, and error handling.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but do not replace other vital measures to secure a project.
About Spool V2 smart contracts
Spool implements a system for meta-strategies where users invest in vaults that then collectively invest in strategies that interact with third-party DeFi systems.
—
“Introducing Spool V2, the next evolution in our DeFi infrastructure designed for institutions and professionals. Building on our V1 proof of concept, V2 offers exponential enhancements in efficiency, composability, utility, and security.”
.svg)
Summary
The most critical subjects covered in our audit are functional correctness, asset solvency, and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are specification and gas efficiency. Security regarding the aforementioned subjects is high. Note that the zkAllocation is not specified precisely and is treated as a black box.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Sturdy Aggregator Smart Contracts
Sturdy implements Sturdy Aggregator, a lending optimizer with the ability to provide just-in-time liquidity by moving funds between different lenders.
—
“Sturdy is a lending protocol where borrowers farm with up to 10x leverage & lenders receive high yields.”
Summary
The most critical subjects covered in our audit are functional correctness and security of user funds. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About StarknetID Auto Renew
StarknetID has implemented a non-upgradable auto-renewal contract to streamline domain renewals for users. Users can seamlessly enable or disable spending flows, which, subject to certain conditions, are executed by a designated, whitelisted renewer. These conditions include annual execution and ensure the domain expires in less than a month. The contract is governed by an admin, with users being responsible for setting accurate allowances.
—
“StarkNet.ID serves as a versatile passport for StarkNet, facilitating seamless storage and sharing of user-specific data within the StarkNet ecosystem. This robust identity protocol allows various Starknet app to access and utilize user information effortlessly, enhancing the overall user experience.”
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity, suitability of the implementation for the intended use case and accuracy of the documentation.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mimo Capital MCAG Contracts
Mimo Capital AG issues ERC-721 compliant NFTs called KUMABondTokens, which are backed by real-world bonds. Additional smart contracts handle functionalities like KYC compliance through KYCToken, role-based access control via AccessController, and price feed updates through MCAGAggregator and KIBTAggregator. The system also allows for pausing the tokens and maintains a blacklist of addresses that cannot interact with the KUMABondTokens.
—
“Mimo Capital AG is authorized to bring real-world assets, such as sovereign and corporate bonds, onto the blockchain via a process called tokenization, allowing for more transparency as each token is linked to a specific set of underlying assets held in custody.”
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high.
The general subjects covered are upgradeability, gas efficiency, and trustworthiness. We found that security regarding those subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Polygon Token (POL)
Polygon implements the POL token, a fungible asset on Ethereum that supports the revised Polygon protocol architecture, and in particular its emission schedule and the migration from the previous MATIC token.
—
“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”
.svg)
Summary
The most critical subjects covered in our audit are asset solvency and functional correctness. This includes the yield distribution for the rebasing token.
The general subjects covered are the documentation, integrability into the DeFi ecosystem and efficiency.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Kuma Protocol
The KUMA protocol is designed to tokenize KUMABond NFTs into KIB ERC-20 tokens. Interests are distributed through the rebasing mechanism of the token. ERC-20 ist the most common token standard and hence these KIB tokens are compatible with various decentralized finance protocols. The system has safeguards such as a Deprecation Mode to allow for a graceful shutdown and uses UUPS proxy pattern for upgradability.
—
The KUMA Protocol is a decentralized protocol issuing interest-bearing tokens backed by regulated NFTs, themselves backed by Real World Assets (RWA). At start the KUMA Protocol accepts regulated KUMA NFTs that are backed by sovereign bonds.
Summary
The most critical subjects covered in our review are asset solvency and functional correctness. Security regarding the aforementioned subjects is improvable. The most important issues uncovered are (1) asset solvency is low due to wrongly maintained internal accounting (see Wrong Accounting upon Margin Account Top up) and (2) functional correctness is low due to the value the tranches not including unrealized LP fees (see Accrued Interest Is Not Accounted in trancheValue).
The first issue has been fixed by a change of specification. Xena Finance has decided they only want to use a single tranche. The issue remains valid if Xena Finance decides to add more tranches. This leaves the codebase complex, while the functionality that will be used is simpler. The second issue related to accrued interest remains unfixed.
Additionally, there are a number of issues that Xena Finance decided not to fix, which could cause problems in the edge cases outlined in those issues.
The general subjects covered are documentation and specification. Security regarding all the aforementioned subjects is improvable. Documentation and specification are not sufficient due to the overall lack of documentation and unclear specification, see Missing Documentation.
In summary, we find that the codebase currently provides an improvable level of security.
Users of the system should check the Notes section for important information to consider before using the system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Xena smart contracts
Xena Finance implements a decentralized, non-custodial perpetual exchange. It aims to provide users with zero price-impact trades.
—
“Welcome to Xena Finance, where we’re making trading simple and exciting for everyone! We’ve created a place where you can easily trade and manage your risks, all while keeping the custody of your funds.”
.svg)
Summary
EIP-4788 uses a smart contract to temporarily store beacon chain roots on the execution layer in EVM storage. The contract is written directly in EVM assembly. Internally, the contract uses two ring buffers, one for timestamps and one for beacon roots. Hence, previously written beacon roots will be overwritten eventually. The most critical subjects covered in our audit are the security and the correctness of this smart contract storing and providing the beacon roots. The most important properties are:
(1) only the privileged SYSTEM_ADDRESS can store beacon roots
(2) only previously stored beacon roots can be retrieved
(3) the ring buffer correctly overwrites old beacon roots
(4) previously stored beacon roots can be queried by any smart contract by providing the timestamp of the following beacon block
Furthermore there was an important performance property:
(5) limit the storage consumption of the contract and use the storage efficiently
For the originally submitted contract, we found that property (2) can be violated by querying the Zero-Timestamp and that property (5) depends on block interval to stay constant at 12 seconds. To improve the storage efficiency and hence reach property (5) we proposed that the ring buffer should have a prime size. Furthermore, we investigated possible gas savings and made some recommendations which focused on reducing the execution cost of the contract’s usual execution path.
The smart contract and the EIP were consecutively updated as follows:
(1) an explicit check was added to prevent querying the Zero-Timestamp
(2) the ring buffer size became a prime number (specifically 8191), which provides more efficiency independent of block interval as described in the audit report, see “Implications of Ring Buffer Size”
We then further analyzed these updates. We found that during regular times the contract can return the 8191 most recent beacon roots. Given the current block interval that results in roughly 27 hours of historic data. However, before hard forks or with varying block intervals the contract might only return the beacon roots from the past 8191 seconds (roughly two hours), as described in “Changes in Block Interval”.
Last but not least, we wrote “Notes for smart contract developers”, planning to interact with this contract, so that they can avoid potential mistakes.
Overall, we found that after these fixes the smart contract code provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but do not replace other vital measures to secure a project. Specifically, in this review the way how clients interact with this special smart contract to set beacon roots was out of scope.
About EIP‑4788 Contract
EIP-4788 introduces a mechanism for the execution layer of Ethereum mainnet to access the beacon roots of the consensus layer. This access is provided through a regular smart contract which acts as a temporary database. This particular smart contract is the scope of this audit.
—
The Ethereum Foundation (EF) is a non-profit organization dedicated to supporting Ethereum and related technologies.
Summary
Bancor implements an AMM exchange protocol with flash loan functionality. The reviewed Bancor v3 tries to mitigate any impairment loss for liquidity providers instantly, has an “Omnipool” for BNT liquidity providers that is used to trade against all other tokens. All tokens can be provided single-sided. In contrast to the previous version, it also has no liquidity caps in the pools.
The most critical subjects covered in our audit were security and functional correctness issues. Most severe is an Oracle Manipulation. All raised issues have been fixed accordingly or were acknowledged by Bancor. The review of any economic principles or business logic is excluded in our technical reviews.
In summary, we find that the codebase provides a good level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. Especially, for project of this size, they complement but don’t replace other vital measures to secure a project.
About Bancor v3
“Bancor is a decentralized network of on-chain automated market makers (AMMs) supporting instant, low-cost trading, as well as Single-Sided Liquidity Provision and Liquidity Protection for any listed token.”
.svg)
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and access control. The general subjects covered are fee handling, event handling, gas efficiency, and upgradeability. Several Possible Gas Optimizations exist that would increase gas efficiency. Furthermore, the implementation of EIP-4626 can be improved: EIP-4626 Non-Compliance. All other mentioned subjects show a high level of security.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Circle Perimeter smart contracts
Circle implements Perimeter, which can be used as on-chain infrastructure to facilitate the operations of loans that are secured off-chain. This includes custody and transfer of lender’s funds, interest payments, and fee handling.
—
“Circle is a global financial technology company helping money move at internet speed. Our mission is to raise global economic prosperity through the frictionless exchange of value.”
“USDC is a faster, safer, and more efficient way to send, spend, and exchange money around the globe. USDC powers apps to provide anytime access to payments and financial services.”
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, front-running, and accurate fund valuation. No major issues were uncovered.
The general subjects covered are code complexity, upgradeability, unit testing, and documentation. The security of all aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme – Sulu Extensions XIII
Avantgarde Finance implements changes and extensions on the Sulu system. In particular, the changes consist of refactoring and bug fixes of the Aura/Convex staking adapter, a new policy that prevents redemption in specific assets when some assets are depegged, the introduction of the ArrakisV2 adapter, the extension of the deposit wrapper so that users can exchange an arbitrary asset to the denomination asset of the fund of which they want to buy shares, the AaveV3 CDP external position and the Lido stETH withdrawal.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully
The subjects covered by our review are detailed in the Review Overview section.
We found that the O(1) selector table is a good optimization and provides substantial gas savings, especially for large contracts. As pointed out by Incorrect dense selector when one bucket is empty, this new feature brings some edge cases that are hard to cover with tests, and even using fuzzing. We recommend that testing should be performed with special care for such part of the compiler.
As described in Arguments buffer size too large when calling ecmul and ecrecover can return undefined data in some edge case, issues were found in the fixes of the recent security advisory. These issues were shortly fixed and we can confidently assert that the security advisories that were initially in scope for this review have been resolved.
The large number of issues found in the builtins functions shows that special attention should be given to this part of the compiler and more testing should be done on that side.
Finally, although Vyper v0.3.10 fixes a substantial amount of issue and improve the compiler greatly, the large number of high-severity issues discovered during this assessment along with the limited scope of this review make further assessments necessary.
The review was executed by one engineer over two weeks. It’s important to note that, due to the extensive scope and codebase, our time-limited review does not capture the full depth of a comprehensive security analysis.
About LIMITED REVIEW – Vyper Compiler, Semantic analysis and Code generation
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Summary
Our audit’s most critical focus areas include verifying the proper behavior, security, and financial stability of the protocol. A significant portion of our review concentrates on ensuring the accuracy of adapters when interacting with external systems. We also examined the newly added price feeds.
Security regarding all the aforementioned subjects is high.
We also examined the code’s correctness with respect to the available specification and the consistency of the implementation.
In summary, we find that the codebase of the protocol provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Gearbox V2.1
Gearbox Protocol has implemented version 2.1, an improved iteration of the existing v2 protocol. Based on lessons learned since the launch of v2, numerous enhancements and fixes have been incorporated to strengthen security, such as minimizing the attack surface. Access has been further restricted, with direct interaction with adapters no longer permitted. All interactions must now go through the CreditFacade. Additionally, new adapters have been introduced to enable credit accounts to interact with Balancer, Compound, and Aave V2, along with the addition of three new price feeds.
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
Summary
During this assessment, we did not uncover any severe issues and in summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About yDiscount Smart Contracts
Yearn implements a program allowing Yearn contributors to buy YFI at a discount each month, the discount is subject to the duration of their veYFI lock and the purchased YFI are immediately locked into veYFI according to the contributor’s current lock.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
We did not uncover any severe issues.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn ERC4626 Router
Yearn implements a router contract to migrate, deposit and withdraw from various vaults. Additionally, it simplifies some of the user actions like wrapping ether and providing the possibility to perform multi-calls.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
During this assessment, we did not uncover any severe issues and in summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn yETH Periphery Security
Yearn implements a program allowing Yearn contributors to buy YFI at a discount each month, the discount is subject to the duration of their veYFI lock and the purchased YFI are immediately locked into veYFI according to the contributor’s current lock.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness and signature handling. Asset solvency and Signature handling are good. Functional correctness is high.
The general subjects covered are specification, front-running and integration with 3rd party systems. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About HOPRNet – Node Management Module
HOPRNet implements a module for Safe multisignature contract that allows management and separationof the different keys that are needed for HOPR network functionality. Scope includes updatedHoprChannels that can use such Safes and factory to deploy and configure them.
Summary
The most critical subjects covered in our audit are the correctness of the accounting, asset solvency, access control and functional correctness. During the audit, the most important reported issues were:
– Replacing a Validator Eventually Blocks the System
– Usage of address(this).balance in restake Can Block the System that requires from Everstake to inject liquidity to correct the accounting in case of necessity.
The issues have been fixed during the second week of the audit.
Security regarding all the aforementioned subjects is satisfactory. Even though the probability of one of the validators getting slashed is low, slashing could occur. That would require manual, trust-based intervention, see Slashing is not taken into account and Trust Model.
The general subjects covered are documentation, unit testing, code complexity, and gas efficiency. Documentation has been greatly improved during the last iteration. Unit testing and testing in general is basic, a good test suite will help ensure corner cases are considered.
In summary, we find that the codebase provides a satisfactory level of security, provided the Trust Model.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Everstake – ETH B2C Staking
Everstake implements a pooled staking service for Ethereum, where the rewards are reinvested in the pool and the validators are managed by Everstake.
—
“Everstake is a responsible validator trusted by 625k+ users across 70+ blockchain networks. Created by engineers for the entire community in 2018”
Summary
The most critical subjects covered in our audit are functional correctness, access control and standard compliance. Security regarding all the aforementioned subjects is high.
The general subjects covered are code complexity and quality of specification documentation. Fire Group Ltd. did not provide any specifications, test cases, git commits or the framework setup.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project
About Firetoken Smart Contracts
Fire Group Ltd. implements an ERC-20 and ERC-1404 compliant FireToken, which is governed by the owner and features restricted token transfers.
—
“Fixed Income Real Estate (FIRE) is an equity token allowing its holders to participate in real estate & hospitality development projects and receive a fixed monthly return for a period and benefits at the properties and fundatmental assets.”
Summary
The most critical subjects covered in our audit are the functional correctness of the contracts, their configuration, and the interaction with the rest of the Gearbox system. Only minor issues were uncovered which have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, documentation and specification, gas efficiency, and the complexity of the implementation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Gearbox V3 Governance
Gearbox implements the governance module for Gearbox V3.
—
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, and non-custodiality. Functional correctness and access control are good. Non-custodiality is good. However, due to several issues arising from administrator powers, see Execution data is not validated and Execution reentrancy may be possible, and the proxy action contracts being out-of-scope, there may be unforeseeable consequences for non-custodiality.
The general subjects covered are upgradeability, unit testing, documentation and error handling.
In summary, we find that the codebase provides a good level of security. However, there may unforeseeable consequences given the reasons above. In case the administrators are trusted, the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Summer.fi Automation V2 Smart Contracts
Summer.fi implements the second version of the automation bot which opens the system to protocols other than Maker and introduces new kinds of triggers and grouped validation mechanics.
—
“Summer.fi mission is to provide the best and most trusted entry point to deploy your capital. We are building Summer.fi to let our users benefit from all of the potential in DeFi. Our team is made of passionate thinkers and builders.”
Summary
The most critical subjects covered in our audit are functional correctness, access control and integrations with external systems. Functional correctness is high. One issue concerning Access control has been resolved after the intermediate report. Security regarding integration with external systems is high.
The general subjects covered are gas efficiency, documentation and testing. Gas efficiency is good and is a significant improvement over the previous version. The documentation provided is satisfactory. The available tests covering v2 are very basic only, we strongly recommend to improve the test coverage.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Summer.fi DeFi Modular Actions v2
Summer.fi implements an updated and more gas-efficient version of modular proxy actions. The system allows multiple actions to be executed from a UserProxy in a single call.
—
“Summer.fi mission is to provide the best and most trusted entry point to deploy your capital. We are building Summer.fi to let our users benefit from all of the potential in DeFi. Our team is made of passionate thinkers and builders.”
.svg)
Summary
The most critical subjects covered in our audit are the bridging mechanism, the interactions with the external protocols, components such as oracles, and the accounting of the system. A critical issue was uncovered, regarding price manipulation by an attacker as well as some high-severity issues. A second critical issue was found in the second iteration which allowed a user to mint more shares than expected by the system. All issues have been addressed.
The general subjects covered are the functional correctness and the liveness of the system, the code complexity, the access control, the documentation, testing, and the gas efficiency. The functional correctness is high. Regarding liveness, we have detected many possible ways which can lead the system to block. A relevant issue has been acknowledged by the development team. However, funds of the protocol are not at risk as the admins are in full control of them. The complexity of the bridging mechanism is high. The documentation was limited especially at the beginning of the review as well as testing. As the system exchanges messages with other chains, interacting with it could be gas-consuming and the gas efficiency is overall improvable. The security, as far as access control is concerned, is high.
In summary, we find that the security of the system is satisfactory but there is room for improvement.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About yldr.com
yldr.com implements a cross-chain yield aggregation system. Users can deposit assets on a master vault on the Ethereum network and then aggregate yield from different protocols in different chains.
Summary
The most critical subjects covered in our audit are functional correctness and frontrunning. Functional correctness is high and frontrunning is only possible to a small extent determined by the want factor.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Maker FlapperUniV2SwapOnly
MakerDAO implements a new Flapper contract for the Maker Core contract Vow that is used to convert DAI surplus. In comparison to the other FlapperUniV2 contract, the DAI are only swapped on a Uniswap v2 pair and the proceedings sent to a predefined receiver address instead of deposited into the pair as liquidity.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness and the correct adherence to the MakerDAO specifications. We have high confidence on both subjects although a certain base variable is omitted where no official specification indicates that it is not in use.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDao Interest Rate Strategy
MakerDAO implements a new interest rate strategy for the Aave v3 fork Spark Lend that sets the interest rate for the Spark Lend DAI market to the base DAI savings rate. In comparison to the old version, the contract retrieves the base rate from the “ETH-C” ilk (collateral type) of the Maker contract Jug instead of the DSR rate from the Maker contract Pot.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
Limited code reviews are best-effort checks and don’t provide assurance comparable to a non-limited code review. This review was not conducted as an exhaustive search for bugs, but rather as a best-effort sanity check for files of interest. The review was executed by one engineer over a period of two weeks supported by a second engineer for four days. Given the large scope and codebase and the limited time, the findings aren’t exhaustive.
Vyper implements a compiler of Vyper language into EVM bytecode.
The most critical subjects covered in our review are the functional correctness of arithmetic operations and the soundness of performed optimizations. Security regarding functional correctness of arithmetic operations is improvable, due to discovered bugs, where IR nodes introduced by safemath, can themselves have overflows.
We did not uncover any issues regarding the soundness of performed optimizations, however, we would like to note that current optimizations are applicable only in a very limited number of cases. Extending the applicable cases when they can be applied might lead to potential problems and bugs. In addition, since optimizations are performed after safemath, extending optimizations to smaller than 256-bit datatypes should be done carefully. Some of the currently performed optimizations might potentially lead to an overflow of smaller datatypes, if not properly adjusted.
About LIMITED REVIEW – Vyper Compiler IR optimizer and safe
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, front-running, and accurate fund valuation. However, front-running protection and accurate fund valuation are improvable due to inaccuracies, see Pricing ERC4626 and Unclaimed Staking Rewards Are Not Valued. Similarly, delayed fund valuation may be problematic, see Slashing Can Be Avoided.
The general subjects covered are code complexity, upgradeability, unit testing, and documentation. In summary, we find that the codebase provides a good but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu extensions XI
Avantgarde Finance implements external positions for staking with Kiln (upgrade of old external position) and an integration with ERC-4626 tokenized vaults. Additionally, some changes to the existing code base have been performed.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
The most critical subjects covered in our audit are access control, functional correctness and the intergrations into the existing DSS system. After the intermediate report all uncovered issues have been resolved.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – RWA Toolkit
RwaMultiSwapOutputConduit allows priviledged users to convert DAI held by the smart contract into other stablecoins and transfer them to off-chain funds, using one of the Peg Stability Modules (PSM). Configurations need resetting after each use for security.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness and front-running resilience. Functional correctness has improved to a good level after the deficit calculation has been fixed in the underlying Carbon contracts, fixing a Wrong distribution of unpaid fees in repay(). Certain configurations and behaviors by the manager of a vault can enable a Sandwich attack on updateState which allows an attacker to extract value out of the protocol. It is therefore detrimental that managers disable withdrawals and/or deposits in Live state as soon as such attack vectors open up.
The general subjects covered are complexity, deployment, testing and documentation. We believe that all the other aforementioned areas offer a high level of security. The documentation is comprehensive and unit testing is extensive. However, we need to emphasize that the complexity of the codebase is high and the system can be in many different states which might require different handling, and thus our confidence in that regard is limited.
In summary, we find that the codebase provides a good level of security. Since the project is deeply intertwined with another TrueFi project, we would also like to refer to the note Relevant concerns of TrueFi Carbon smart contract audit report which details concerns that are also relevant for this project.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About TrueFi Fluorine Smart Contracts
TrueFi implements an uncollateralized loan platform. Whitelisted users can create their own portfolios and have full control over them. Users can be lenders by buying shares of tranches which implement different investment strategies.
—
“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”
Summary
The most critical subjects covered in our audit are the valuation of the portfolios and their tranches, the fee and interest calculations, the interactions of the lenders and the borrowers with the system and the access control. For the tranche valuation, we uncovered a Waterfall miscalculation issue. Under certain circumstances, the value of riskier tranches could be absorbed by higher tranches. The issue was addressed in the second iteration of the report. Attack vectors initiated by the portfolio managers were considered out of scope. In the current version, all the uncovered issues have been either addressed or acknowledged.
The general subjects covered are complexity, deployment, testing and documentation. We believe that all the other aforementioned areas offer a high level of security. The documentation is comprehensive and unit testing is extensive. However, we need to emphasize that the complexity of the codebase is really high and the system can be in many different states which might require different handling, and thus our confidence in that regard is limited.
Moreover, we would like to emphasize that portfolio managers are highly trusted and can introduce security risks to the protocol. The security of Carbon instances therefore ultimately depends on external factors.
In summary, we find that the codebase with the latest version greatly improved on the initial version. An iterative audit of many iterations adds risk as reviews of multiple small changes can introduce novel interactions with existing code which are easy to miss. Overall, we find that the codebase in its current state provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About TrueFi Carbon Smart Contracts
TrueFi implements an uncollateralized loan platform. Whitelisted users can create their own portfolios and have full control over them. Users can be lenders by buying shares of tranches which implement different investment strategies.
“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”
.png)
Summary
The most critical subjects covered in our review are functional correctness, integration of the signature scheme, and access control. All uncovered issues have been either fixed or acknowledged. Notable findings included: .. [Security regarding all the aforementioned subjects is high.]
- Update using stale pokedata
- Assessement of Finalized after authed action
- unreset oppokedata after unsuccessful challenge
The general subjects covered are code complexity, integration by external systems and the quality of the specification / documentation. The correctness of the signature scheme itself was not in scope of this review.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Chronicle – Scribe (MakerDAO)
Chronicle implements Scribe, a Schnorr multi-signature based price oracle. An optimistic extension allows price updates where the signature is only evaluated on-chain if challenged. Reading the pricefeed on-chain is restricted to whitelisted addresses only.
Chronicle: “Verifiable date for a decentralized future – Powering MakerDAO. Scalable | Cost-Efficient | Accessible | Transparent | Oracles – https://chroniclelabs.org/”
Summary
The most critical subjects covered in our audit are functional correctness, access control, trustworthiness and reentrancies. Several issues regarding these topics have been remedied. Access control is handled correctly throughout. Potential reentrancy vulnerabilities have been addressed. The risk of an implementation contract SELFDESTRUCT was addressed. Several risk-free issues have been acknowledged and are by design, see Systemic bias towards accepting proposals, Proposal can be updated just before voting starts, Same proposal status for queued, executed or vetoed proposals.
The general subjects covered are upgradeability, gas efficiency and documentation. Security regarding these subjects is high. Some steps were taken to improve gas efficiency, which overall is decent. The level of documentation is satisfactory, however, some peculiarities highlighted in the Notes section could be more explicitly documented.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Snapshot X
Snapshot implements a configurable voting protocol for systems with decentralized governance. It allows users to create proposals which can then be voted on and potentially executed. There are a variety of contracts which allow the system to choose which users can vote, which can create proposals, how the votes are counted, and how the proposals are executed.
"Snapshot is a voting platform that allows DAOs, DeFi protocols, or NFT communities to vote easily and without gas fees.The tool allows high customization of the voting process to cater to the diverse needs of the users and organizations."
#Source
Summary
The most critical subjects covered in our audit are asset solvency, functional correctness, and precision of arithmetic operations. Security regarding all the aforementioned subjects is good.
The general subjects covered are integration with external systems, signature handling and sanity checks. Security regarding signature handling and sanity checks is high. The pool is integrated with the Balancer V2 infrastructure, which is an out-of-scope system. The issue Reentrancy via Vault was fixed, however other not yet discovered issues may remain since the Balancer V2 infrastructure is not covered by this audit. Thus, security regarding external systems integration is improvable.
In summary, we find that the codebase provides a good level of security regarding the most critical subjects, assuming that the Balancer V2 infrastructure does not contain any severe issues.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Swaap Finance – SafeGuardPool
Swaap implements a Safeguard Pool, utilizing the Balancer V2 infrastructure. It is an AMM pool with restrictions on certain swap transactions, in accordance with predefined parameters, known as safeguards. To perform a swap, a valid quote from a privileged signer must be provided. This quote encapsulates the swap price and associated penalties.
“Swaap is an innovative market-making protocol specializing in blue-chip crypto assets. Through pioneering models developed in collaboration with leading institutions, Swaap is revolutionizing DeFi market-making by providing liquidity providers with effortless and superior market-making strategies.”
Summary
The most critical subjects covered in our review are asset solvency, functional correctness, access control and front-running. The security regarding functional correctness and front-running still has some potential to improve, see Implementation Mismatch With ERC-4626 and Possible to Frontrun the First Deposit in Pool. The security regarding other subjects is good.
Although we did not identify critical or highly severe issues during this review, we highlight that sandwiching attacks are important for the system as the curve’s shape changes when Pool parameters get updated by privileged accounts, or when rates of underlying assets change significantly. Possible sandwiching attacks are described in section Notes.
Given the complexity of the system, we highly recommend extending significantly the test suite and only apply changes to the system after rigorous testing.
In summary, we currently find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn yETH Smart Contract
Yearn implements a modified StableSwap pool for liquid staking derivatives and a staking vault. The pool token is yETH and can be staked into the Staking contract to earn rewards.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
The most critical subjects covered in our audit are overflow checks, the precision of arithmetic operations, and functional correctness. Some issues regarding overflows and precision losses were identified and subsequently fixed. Security regarding these subjects is high.
The general subjects covered are gas efficiency, access control, and trustworthiness. Security regarding all the aforementioned subjects is high. The efficiency of the current price calculation has been significantly improved.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Curve Tricrypto-ng
Curve implements an updated and optimized version of the existing Curve Curve Tricrypto Pool. It is an automatic market maker which allows exchanging of three tokens that do not need to be equivalent in value. The pools are rebalanced continuously around a moving average of the AMM state prices.
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
Summary
No critical issues were uncovered in the intermediate audit. In summary, we find that the current intermediate codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn yBAL
Yearn implements a liquid wrapper for Balancer’s voting tokens (veBAL) and an ecosystem allowing users to invest the funds to earn a yield on their deposits. A Zapper contract allows a convenient entry point for users to invest their funds. The new liquid wrapper token yBAL can be always minted by providing BAL or WETH tokens. Having yBAL the users can decide between the associated investment strategies and earn from LP rewards or staking rewards.
—
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
The subjects covered by our review are detailed in the Review Overview section.
We did not find any issues in the fixes of the security advisories that were in the scope of this review and can confidently assert that the security advisories have been resolved.
The elimination of the Function Signature class enhances the code’s readability and consistency, according to our findings. This removal, enabled by the previous pull request that refactored the type system and the code generation, is one of the last steps in merging the type systems of the semantic analysis and the code generation.
The Journal and its commit/rollback scheme fix the issue with incorrect type checking of loop variables but also allows for future new metadata to be added to the compiler easily. Although one issue was found in its implementation as highlighted by Metadata Journal can rollback incorrectly, this new primitive is a great addition to the compiler as it also fixes a performance issue by caching the list of potential types for nodes.
Special attention should be applied to testing complex expressions with functions calls as sub-expression. As highlighted in various issues such as Multiple evaluations of DST lead to non-unique symbol errors when copying Bytes arrays or DynArrays or Make_setter is incorrect for complex types when the RHS references the LHS with a function call, such complex expressions might be edge cases in the compiler logic and should be part of the testing suite.
Additionally, the large amount of issues related to the new IfExp AST node depicts the importance for the compiler to be more generic in its way to validate the semantics of expressions as currently, some functions must handle the case of several AST nodes in distinct ways as they cannot be handled by the general logic.
About LIMITED REVIEW – Vyper Compiler Semantic analysis and Code generation
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Summary
MakerDAO implemented a new flapper contract. Rather than auctioning off the surplus DAI, it is now exchanged and added to an UniswapV2 pool.
The most critical subjects covered in our audit are functional correctness of the changed code and the impact of the change on the existing system.
It’s worth noting that, by design, this new flapper spends up to x2.2 times the amount of DAI the Vow expects it to spend. For more details please refer to the informational issue.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Maker FlapperUniV2
MakerDAO implemented a new flapper contract. Rather than auctioning off the surplus DAI, it is now exchanged and added to an UniswapV2 pool.
—
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
KyberSwap Elastic is an automated market maker (AMM) implementation, that allows liquidity providers to concentrate the liquidity in a certain price range.
The most critical audit subjects are functional correctness, external dependency integration and protection against adversarial agents. We found some deviations from the functional correctness which were reported. Regarding external dependency integration, we found minor mismatch from standard. Lastly, bugs that limited the AntiSniping (aka JIT liquidity provision) protection were reported.
The general audit subjects covered include trustworthiness, documentation, and gas efficiency. Regarding trustworthiness, while pools are not upgradable, there are certain system parameters like whitelisted position managers that can be set only by privileged ConfigMaster role holder. We found certain parts of the documentation that could be improved so that other projects can better integrate with the Kyber Network protocol. Lastly, minor possible improvements to gas efficiency were reported.
In summary, we find that the codebase at last version commit in Scope provides provides a high level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. Since the protocol logic is quite sophisticated, techniques such as property based testing and formal verification can bring valuable additional assurance. They complement but don’t replace other vital measures to secure a project.
About KyberSwap Elastic
“Kyber Network is an on-chain liquidity protocol that aggregates liquidity from diverse sources for the best prices, enabling decentralized token swaps to be integrated into any application. Using this protocol, developers can build innovative payment flows and applications, including instant token swap services, decentralized payments, and financial DApps — helping to build a world where any token is usable anywhere.
Kyber is the most used and integrated protocol in decentralized finance (DeFi), with over US$1 billion worth of transactions facilitated since its inception. Kyber supports over 80 different tokens, and powers over 100 integrated projects including popular wallets Trust, Enjin, Argent, Eidoo, and the HTC Exodus smartphone, as well as DeFi platforms Nuo, DeFiSaver, InstaDApp, Set Protocol, Melon, and many others.”
(Source: Kyber Network media kit, April 2021)
Summary
The most critical subjects covered in our audit are functional correctness, access control, and integration with external protocols. One high-severity issue was found in GatedRedemptionQueueSharesWrapper, where a user can purposefully front-run a depositFromQueue call and make another user who made a deposit request lose their funds. All the issues have been addressed. The general subjects covered are code complexity, upgradeability, and documentation. Security regarding all the aforementioned subjects is high. In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions X
Avantgarde Finance extended the functionality of the ParaSwapV5 adapter to add support for MegaSwap and SimpleSwap and changed how the errors are caught. Moreover, the functionality of the GatedRedemptionQueueSharesWrapper was extended to allow vault owners to force the transfer of shares from one account to another and to enable a “Request” DepositMode. Finally, two new adapters were introduced for ZeroExV4 and 1inch swaps.
—
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
.png)
Summary
Savings DAI implements a tokenized EIP 4626 compliant wrapper for DAI Savings Rate. This latest iteration of the code adds a referral feature.
The most critical subjects covered in our audit are functional correctness, security of the assets and adherence to the EIP standards. General subjects covered are optimizations and usability.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Oasis Savings DAI
Savings DAI implements a tokenized EIP 4626 compliant wrapper for DAI Savings Rate. This latest iteration of the code adds a referral feature.
Summary
The most critical subjects covered in our audit are security and functional correctness. During the review, no critical or high severity issues were uncovered. The report highlights a medium and a few low severity issues, one of which highlights a significant inaccuracy in the documentation. After the intermediate report, all issues have been addressed.
The general subjects covered are adherence to the implemented standards, code complexity and gas efficiency.
In summary, we find that the codebase provides a good level of security. We have to emphasize that the project reviewed is a template only, not an actual implementation of a strategy.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn Tokenized Strategy
Tokenized Strategy offers a framework for developers to easily create ERC-4626 compliant tokenized strategies by implementing only the strategy-specific logic, as it provides the core accounting functionality.
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
The most critical subjects covered in our audit are security, functional correctness and the proper accounting of the assets and shares. During the review, no critical or highly severe issues were uncovered. Two medium severity correctness issues have been found which have been resolved after the intermediate report.
The general subjects covered are adherence to the implemented standards, code complexity and gas efficiency. In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn V3 Vaults
Yearn implements VaultsV3, an unopinionated ERC-4626 compliant system designed to distribute depositor funds into various strategies and manage accounting robustly. Depositors receive ERC-20 compliant shares that can be redeemed at any time.
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
.png){kind=spacer}
Summary
The most critical subjects covered in our review are signature handling, event handling, access control and functional correctness. Security regarding all the aforementioned subjects is high.
The general subjects covered are trustworthiness, upgradeability, gas efficiency and documentation. The contracts in the scope of this review are not upgradeable, however, several accounts are required to be trusted, see Roles and Trust Model. Also, we have highlighted accounts of high importance in Potential single points of failure. The project has extensive documentation and inline code specification.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Circle – Cross Chain Transfer Protocol (CCTP)
Circle implements a Cross-Chain Transfer Protocol (CCTP), allowing bridging native tokens from a source chain to a destination chain. The CCTP relies on an off-chain attestation service to sign transfer messages, which is currently operated by Circle.
“Circle is a global financial technology company helping money move at internet speed. Our mission is to raise global economic prosperity through the frictionless exchange of value.”
“USDC is a faster, safer, and more efficient way to send, spend, and exchange money around the globe. USDC powers apps to provide anytime access to payments and financial services.”
Summary
During the review, no critical or highly severe issues were uncovered.
The most critical subjects covered in our audit are functional correctness, access control and signature malleability. The security regarding all the aforementioned subjects is high.
The general subjects covered are gas efficiency, code complexity, testing, and specification quality. Note that in the third version tests were added. The quantity and quality of tests, however, see Lack Of Testing, and gas efficiency can still be further improved.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About USDFI: AMM, Gauges and Bribes Smart Contracts
USDFI implements an ecosystem, which supports exchanges, including both constant (as in Uniswap V2) and stable swap. To incentivise liquidity providers to get engaged in the system, a bribing system as well as gauges are implemented to allow staking of LP tokens.
Summary
The most critical subjects covered in our audit are the functional correctness of the bridging mechanism, security of the locked assets and the validation of withdrawals on the RootChain. Security regarding all the aforementioned subjects is high.
The general subjects covered are documentation, efficiency and adherence to the implemented standards. Security regarding all the aforementioned subjects is high. The codebase however could be more consistent: Multiple similar contracts exist where the implementation of the same functionality differs slightly.
This review covered a system already deployed. The actual contracts deployed do not exactly correspond to the version audited, although the changes are mostly of cosmetic nature only. The compiler version + dependencies used are outdated, however no known bug affects the live contracts.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Polygon PoS Portal Smart Contracts
Polygon PoS Portal is a bridge for assets between the RootChain (Ethereum) and the ChildChain (Polygon). Additionally a gas-swapper contract which helps users to aquire MATIC while bridging tokens to Polygon was reviewed.
“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”
Summary
As has been communicated by the Bancor team at the start of the audit, a precision error could lead to some losses for customers due to unexpected pricing: Price Precision Very Low for Some Tokens. This issue has been mitigated by an encoding format that increases the amount of bits that can effectively be used.
The most critical subjects covered in our audit are functional correctness, precision of arithmetic operations and front-running. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Bancor Carbon
Bancor implements an AMM with asymmetric liquidity on which each user’s liquidity position is represented by two independent curves for buying and selling a token respectively. Trades can be matched against these positions using Bancor’s decentralized SDK, or in whichever manner the user desires.
Summary
The most critical subjects covered in our audit are functional correctness, access control and precision of arithmetic operations. Security regarding all is generally good. Security regarding functional correctness is good as long as drying out the Aave pool on purpose, see Provoking an Aave Liquidity Crisis, is unprofitable based on the borrow and supply caps, and the flashloan fees.
The general subjects covered are code complexity, error handling, specification and gas inefficiency. Security regarding all the aforementioned subjects is good. However, documentation could be more explicit for makers since the provided arguments on creation should be meaningful but are not checked by code.
All the issues uncovered during the review have been either fixed or acknowledged. In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove Kandel Strats Smart Contracts
Mangrove Association (ADDMA) implements a “buy low, sell high” market making strategy leveraging the Mangrove core system, while optimizing the capital efficiency by supplying the idle funds on AaveV3.
—
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
.svg)
Summary
The most critical subjects covered in our audit are asset solvency, access control, functional correctness and oracle robustness. Security regarding all is high.
The general subjects covered are gas efficiency, documentation, unit testing and trustworthiness. Security regarding all is high. However, some can be improved (e.g. gas efficiency).
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Silo Finance – Curve & Convex Feature
Silo Finance implements a Curve LP price feed for StableSwap and Crypto pools, a price feed using Curve’s pool prices, and a forwarding price feed that maps assets to another asset. Further, Silo Finance provides an ERC-20 wrapper for Convex staking positions. Last, Silo Finance created a new implementation for the Silo router so that it supports wrapping and unwrapping the wrapped tokens.
.png)
Summary
The most critical subjects covered in our audit are functional correctness, asset solvency and signature handling. Security regarding Functional correctness and asset solvency is good. Signature handling is improvable, see Problems Related to Consent and ConsentVerification.
The general subjects covered are event handling and gas efficiency. Gas efficiency is improvable, see Gas Optimisation. Event handling can be improved as well, see Pausing and Unpausing Emit Misleading Events.
In summary, we find that the codebase provides an improvable level of security.
Many of the issues we identified during our assessment, which you have acknowledged without taking action, have the potential to cause human errors and other negative impacts. It is important to address these issues promptly to ensure the overall safety and reliability of your system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Blockswap – State Replication Gateway (SRG)
Blockswap implements State Replication Gateway – a cross chain state portability system, that allows the extension of a smart contract states between EVM-compatible chains.
—-
“Blockswap Labs is a research and development firm making blockchain technology accessible to mainstream users. As core contributors to Blockswap Network and Proof of Neutrality Network, Blockswap Labs are building a permissionless middle layer and catalyzing web3 development through credibly neutral public benefit infrastructure solutions.”
Summary
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
The subjects covered by our review are detailed in the Assessment Overview section. Pull request #3182 implements a large scale refactoring. It is followed by a general review of the code generation phase of the compiler.
We find that merging the front-end and back-end type systems benefits the code in terms of readability and consistence. Some aspects of the integration of the front-end type system in the code generation are improvable, and introduced bugs, such as StringT not handled in HashMap access.
Other issues have been identified with memory safety, as highlighted by Out of bound memory accesses with DynArray and skip_contract_check skips return data existence check. Special attention should be applied to testing rarely executed codepaths, such as the use of keyword arguments for internal functions, which revealed a long standing bug: Default arguments evaluated incorrectly for internal calls
We recommend being careful with the order of evaluation of expressions. As shown in the case of DynArrays, an incorrect evaluation order can lead to bypassing vital safety checks. Regular code reviews can help mitigate the introduction of such issues in the codebase.
About LIMITED REVIEW – Vyper Compiler Back
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Summary
This latest iteration of the review focussed on the change that fees collected now remain in the Mangrove contract instead of being forwarded to a vault contract.
The most critical subjects covered in our audit are functional correctness, access control, precision of arithmetic operations, front-running and signature handling. Security regarding most of the aforementioned subjects is high. Security of signature handling is basic due to possible ECDSA malleability, see ECDSA Signature Malleability. Security of front-running is good but keepers could lose funds to rogue makers unexpectedly due to unawareness of the exact functionality of sniping, see No Protection for Keepers.
The general subjects covered are unit testing, documentation, specification, gas efficiency and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove Smart Contract
Mangrove Association (ADDMA) implements an offer book exchange supporting markets between two assets. Makers create and takers consume offers which are promises of makers to provide the offered token at a certain price. To ensure the executability of offers, makers must deposit ether for gas reimbursements on failure.
—
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
Summary
The MakerDAO zkSync-DAI Bridge is not yet deployed.
The most critical subjects covered in our audit are the functional correctness of the DAI bridging mechanism, the L2-DAI ERC-20 contract and the relay of governance spells, protection against censorship, and upgradeability.
Security regarding all other aforementioned subjects is high. However, users should be aware of the trust model, see Trust Model & Roles.
The general subjects covered are upgradeability, error handling, trustworthiness, documentation, and testing. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO zkSync
MakerDAO implements a layer 2 DAI contract for zkSync 2.0, a ZK-rollup for Ethereum, along with DAI bridging contracts. That also includes contracts for sending governance spells from layer 1 to layer.
It must be noted that the bridge is not yet deployed.
The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance. Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.
Summary
The most critical subjects covered in our audit are rewards accumulation, the minting and redeeming of Gauge tokens, the calculation of the YFI discounted price and, the precision of the calculations and the access control. The security of all aforementioned subjects is high as only low to medium severity issues were uncovered. All the issues have been resolved in the second iteration of the codebase.
The general subjects covered are upgradeability, documentation, testing. The documentation provided to us was limited. The security regarding the rest of subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn – oYfi
Yearn implements an incentive mechanism for users to hold the yvTokens. In particular, users can stake these tokens and mint Gauge tokens (ygTokens). With these tokens users can claim Option-Yfi (oYFI) which allows them to buy YFI tokens on discount.
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
Summary
The most critical subjects covered in our audit are access control, security of the funds and ERC4626 compliance. Only minor issues were uncovered. All the issues are addressed in the second iteration of the codebase. The security of all aforementioned subjects is high.
The general subjects covered are code complexity, gas efficiency, documentation and testing. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Archblock TrueFi – Controllers for TrueFi Carbon
Archblock implements some modified controllers to be used with the TrueFi Carbon protocol.
“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”
Summary
The most critical subjects covered in our audit are asset solvency, access control and functional correctness. Security regarding all the aforementioned subjects is high. The general subjects covered are upgradeability and gas efficiency. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security. This assessment did not uncover any issues that need immediate fixing. However, you might consider addressing the informational findings.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About TrueFi – Archblock – Portfolio Debt Token
Archblock on behalf of TruFi implemented a Portfolio Debt Token – a Solidity smart contract that is intended to be used for distributing assets, recovered from defaulted loans.
“TrueFi is DeFi’s largest credit protocol for real-world and crypto-native lending.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, and integration with external protocols. The general subjects covered are code complexity, upgradeability, and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project
About Enzyme – Sulu Extensions IX
Enzyme implemented changes to the existing UniswapV2 (support for tokens with fees on transfer) and Balancer (batchSwap()) adapters. New external positions for Solv bonds have been added, similar to the existing external position for Solv convertibles but without support for the secondary market. A new gated shares wrapper with a redemption queue has been added.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
This is a LIMITED REVIEW: a time-bound effort to provide security insights on a codebase without reviewing it fully.
The subjects covered by our review are detailed in the Review Overview section. Two pull requests, PR 2974 and PR 3182, implement a large scale refactoring, while the other PRs implement local fixes. Due to time limitations, pull request 3182 was not covered and requires further attention.
We find that the new type system implementation benefits the code in terms of readability. Some aspects of type checking are improvable, as can be seen for example in Function type_from_annotation performs no validation, HashMap are declarable outside of the storage scope or InterfaceT type comparison is incorrect for return types. Further investigation is required to cover all the changes to the type system and is likely to uncover more issues.
Focusing our attention on the other pull requests in scope, we can assert that most of the pull requests reviewed correctly implement the targeted fixes. However, some pull requests only partially implement fixes, such as Note on PR 3167: fix: codegen for function calls as argument in builtin functions, or introduce changes in semantics that need further consideration, as pointed out in Note on Pull Request 3104: refactor: optimize calldatasize check . A single pull request incorrectly implements fixes, and breaks existing compiler features (Note on PR 3211: fix: restrict STATICCALL to view).
The development of the compiler is showing substantial progress. The high number of issues uncovered make further reviews necessary, and particular attention should be given to syntactic manipulations for the validation of semantics, which are error prone as shown in Function _check_iterator_modification has false positive and false negatives , AnnAssign allows tuples assignment, Assign forbids them and HashMap variable can be left-hand of assignment if wrapped in Tuple.
LIMITED REVIEW – Vyper Compiler Front
“Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).”
Summary
The most critical subjects covered in our audit are the security of the funds stored in the system, the distribution of the buffered ETH and the rewards to the various modules, the management of the modules, the node operators and the public keys of the validators, the correctness of the allocation algorithm, and the low-level handling of the storage and access control. The most important issue we uncovered relates to incorrectly trimming the array containing the address of the reward recipients. Moreover, we uncovered an important correctness issue in the MemUtils.memcpy function which, however, has no impact in the current implementation. All the aforementioned issues have been addressed.
The general subjects covered are upgradeability, the efficiency of the implementation, the documentation and unit testing. We find the security in all aforementioned areas high. The documentation is comprehensive, and the unit testing is extensive.
In summary, we find that the codebase provides a high level of security. Unfixed issues reported by ChainSecurity in previous reports are omitted in this one.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Lido Staking Router
Lido implements a modularization of the current Lido system. This allows Lido to introduce various different staking modules with the Node Operators Registry being just one of these modules. The Staking Router contract is responsible for appropriately distributing the 32 ETH batches and the accumulated rewards among the different modules. To that end, Lido implemented an allocation algorithm.
Summary
The most critical subjects covered in our audit are functional correctness and memory consistency.
Security regarding all the aforementioned subjects is high.
The general subjects covered are a check of the specification and error handling. The specification is improvable, e.g. examples of encoded data can be added. Error handling is improved, after the fix of Assumptions on output from unsuccessful call.
In summary, we find that the codebase provides a good level of security. The remaining unfixed Complexity of Commands Effect Evaluation issue is fundamentally linked to the same risks as any other Ethereum transaction – however, the novelty of Enso-Weiroll requires additional tooling and user education to minimize this risk.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enso Weiroll Smart Contracts
Enso implements Enso-Weiroll – a virtual machine that is capable of grouping a chain of smart contract function calls into a single transaction. This chain of operations, or scripts, can perform arbitrary calls with user-defined data and allow the output of one command to be used as the input for the subsequent commands.
“A unified DeFi API that enables you to interact with all DeFi primitives conveniently.”
.svg)
Summary
The most critical subjects covered in our review are Adjusted Bias Measured Possibly Too Late and Queued Upgrade Still Taken in Account After Closing Bribe. Both issues open the possibility to drain funds. All critical and high issues raised have been corrected accordingly. Still, many issues were acknowledged or the risk is accepted.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About StakeDAO – Bribe Platform
StakeDao Bribe platform implements smart contracts allowing users to incentivize (or bribe) Curve token holders to vote for a specific Curve gauge.
“Stake DAO is a non-custodial platform that enables anyone to easily grow their crypto portfolio. It is built on top of decentralized blockchain protocols, offering a seamless way for people to grow, track, and control assets right from their wallet. As a project, we aim to allow anyone with any level of knowledge of crypto to have easy access to the market’s most competitive products and strategies.”
Summary
Compound III is a gas-efficient lending platform that allows more efficient liquidity use due to a more streamlined application of borrowing stable coins against various collaterals.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Compound III
“Compound is a protocol on the Ethereum blockchain that establishes money markets, which are pools of assets with algorithmically derived interest rates, based on the supply and demand for the asset. Suppliers (and borrowers) of an asset interact directly with the protocol, earning (and paying) a floating interest rate, without having to negotiate terms such as maturity, interest rate, or collateral with a peer or counterparty
Each money market is unique to an Ethereum asset (such as Ether, an ERC-20 stablecoin such as Dai, or an ERC-20 utility token such as Augur), and contains a transparent and publicly-inspectable ledger, with a record of all transactions and historical interest rates.”
Summary
The most critical subjects covered in our audit are functional correctness, system design and safety of user funds. We uncovered two medium severity issues regarding functional correctness, which have been addressed. There was one high severity issue regarding system design, which also has been remedied.
The general subjects covered are gas efficiency, code complexity, trustworthiness and access control. Some improvements can be made to the gas efficiency of the contracts. Security regarding the remaining subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Oasis PositionManager
PositionManager implements a way for users to easily create proxy contracts to manage various DeFi positions without built-in asset separation. The proxies should be capable of replacing instances of MakerDAO’s DSProxy.
Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. Please note that the PAXG token is upgradable. Furthermore the current implementation of the PAXG token features functionality that allows the admin to seize/freeze assets of any address.
The general subjects covered are gas efficiency and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About MakerDAO – GemJoin9 for PAXG Smart Contract
MakerDAO implements a novel join adapter (GemJoin9) to be used with the PAXG token, an ERC20 token with fees on transfers.
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, and front-running. Security regarding functional correctness and access control is high. The two uncovered medium severity issues, that make the system vulnerable to front-running and sandwich attacks can potentially endanger users and 3rd party integrations, but do not pose an immediate risk for the ZkBob system itself.
The general subjects covered are trustworthiness, documentation, specification and code complexity. The security regarding these subjects is good. The acknowledged and not fixed issues are of low severity and don’t render the system unsafe.
In summary, we find that the codebase provides a good level of security. The remaining acknowledged but not fixed issues do not immediately impair the system, however, we still suggest addressing them in the future.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About zkBob smart contracts
BOB Protocol implements an application that uses zero-knowledge proofs (zk-SNARKs) for anonymous transfers of the BOB ERC20 stablecoin token.
Summary
Q Blockchain implements EVM chain with a delegated proof of stake (DPoS) consensus mechanism, on-chain governance framework, built-in stablecoin system, and numerous other features. This assessment focused on changes that were performed on top of previously reviewed version. Notable changes are a switch of solidity compiler version, new price feed oracles and crypto wallet key protection mechanism for the on-chain stakers.
The most critical subjects covered in our audit are functional correctness, upgradeability and usability. Security regarding all the aforementioned subjects is good. The general subjects covered are code complexity and event handling. Security regarding those subjects is good.
In summary, we find that the codebase provides a satisfactory level of security. The remaining acknowledged but not fixed issues do not immediately impair the system, however, we still suggest addressing them in the future. Over time their significance might change and cause more serious consequences.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Q Blockchain – System contracts v1.2
“Q combines the benefits of a public, open and decentralized ledger with the transparency of enforceable private contracts. Whether you want to interact with other businesses, build decentralized applications or simply send and receive tokens: Q is for you.”
Summary
Giry implements a vesting plan for the participants of DAOs. The project is a fork of another well-audited project with a small number of additional features.
The most critical subjects covered in our audit are functional correctness and access control. We find that the project implementation is of a high quality and no severe issues were uncovered.
The general subjects covered are code complexity, use of uncommon language features, unit testing, documentation, specification, and gas efficiency. Security regarding all the aforementioned subjects is high with the exception of unit tests and the documentation which have not been updated to reflect the current state of the project. More specifically, the unit tests do not check for the correctness of the newly introduced features.
In summary, we find that the codebase provides a high level of security, but we strongly suggest to implement the missing unit tests.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove dss vest smart contracts
Mangrove implements an offer book based exchange. Individual offer books exist for each market consisting of a base and a quote asset. Technically an offer book is a sorted doubly linked list of offers. Each offer promises an amount of the so-called base asset and requests a certain amount of the quote asset. Makers create these offers. Takers take these offers by executing a so-called order. During the execution of an order, the amount of the base quote is transferred to the maker first before the maker address is called to execute arbitrary code. During this call, the maker must do all actions necessary and make the amount of the base asset available for the exchange to collect.
Offers are just promises and the execution of an order may fail. When an offer fails e.g., because it failed to make available the amount of tokens to the exchange, the execution of the order is stopped. A penalty mechanism exists to incentivize makers to have working offers. Upon offer creation, the maker has to provide a so-called provision in Ether to cover for the gas costs should the transaction revert. If the offer
succeeds, the provision is returned to the maker. When an offer fails, a part of the provision is given to the taker to compensate for his lost gas costs.
A callback to the maker at the end of an exchange allows the maker to update his offer.
The system is administrated by the governance which can add/remove or pause token pairs or change the parameters of the system.
Summary
Mangrove implements a peripheral contract for the Mangrove core system which allows users to submit Good-till-cancelled orders and Fill-or-kill orders.
The most critical subjects covered in our audit are functional correctness, absence of reentrancy possibilities, access control, handling of funds, and accounting. We have uncovered some important bugs. Regarding functional correctness, we uncovered a bug where the gas price for an updated order is calculated and submitted incorrectly. Regarding accounting, we have uncovered a vulnerability affecting the order updates which can allow an attacker to steal funds from Mangrove core system. However, the impact of the vulnerability is not big since it is not expected that an attacker can steal a significant amount. Moreover, as far as internal accounting is concerned, if an updated order requires less provision than before, the provision is not refunded to the end users. All the aforementioned issues were addressed in the second iteration.
The general subjects covered are code complexity, use of uncommon language features, unit testing, documentation, specification, gas efficiency, trustworthiness and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove Order
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
.svg)
Summary
The most critical subjects covered in our audit are functional correctness, integrability and consistency of the accounting. General subjects covered include the documentation which is non-existing. Security regarding all the aforementioned subjects is satisfactory.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About 1inch – Delegation
ChainSecurity reviewed two implementations of delegation pods for ERC20Pods.
“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”
Summary
The most critical subjects covered in our audit are functional correctness, integration with OpenZeppelin’s ECR20 token implementation, and access control. Security regarding all the aforementioned subjects is good.
The general subjects covered are code complexity, documentation and event handling. Security regarding all the aforementioned subjects is improvable. Code complexity is improvable due to the custom AddressArray implementation. Documentation is non-existing.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About 1inch – ERC20 Pods
1inch implements an extension for OpenZeppelin’s ERC20 implementation, that allows users to register so-called Pods, that are called on a balance update.
“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”
Summary
The most critical subjects covered in our audit are functional correctness, security of the assets and the accounting of the balances.
The general subjects covered are design, efficiency and documentation. While the Settlement system may protect from MEV done by the block producers, orders may be observed/rearranged on another level. The staking is only used as a barrier of entry and does not ensure that a resolver follows the protocol rules as stated in the documentation.
Detailed documentation / specification and documentation explaining the interactions between the components, especially with the limit order protocol was largely missing during the review. This review was done based on our understanding of the system as in the System Overview of this report for which we did not receive a confirmation of 1inch.
In summary, we find that the codebase in its current state provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About 1inch – Limit Order Settlement
In Limit Order Settlement resolvers settle orders of users. Major advantages this system offers include MEV protection and gasless swaps for the creator of the order. Resolvers should be whitelisted, in order to join this whitelist sufficient stake of 1inch tokens must be allocated to the resolver. The staking and delegation make use of the new proposed ERC20Pods extension.
“1inch is a global network of decentralized protocols designed to provide the most lucrative, fastest and secure operations in the DeFi space.”
Summary
The Fx-Portal allows to seamlessly bridge data between Ethereum and Polygon. Projects can simply build on the provided base contracts and use the provided functions to send/receive messages. Several example implementations are part of the repository, demonstrating the use for a simple state transfer or for bridging tokens.
The most critical aspects covered in our audit are security and functional correctness. For the core part, the mechanism and base contracts of the Fx-Portal, security regarding all the aforementioned aspects is high. The examples, while they showcase the use of the Fx-Portal contracts, lack documentation. Considering that projects may build on top of such example contracts, their functionality / limitations should be properly documented.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Polygon Fx Portal
“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”
Summary
The most critical subjects covered in our audit are functional correctness and safety of the interactions with the underlying pool. Additionally, we focused on front-running possibilities and gas efficiency. We did not find any critical problems in the aforementioned categories. All raised issues have been fixed accordingly.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Gearbox Auction
GEARBOX implements a liquidity bootstrapping contract for a GEAR / ETH Curve crypto pool. The funding is raised in consecutive stages, after which the contract acts as a doorway to the Curve pool for a limited time in which GEAR sellers are paying a premium.
“Gearbox is a generalized leverage protocol: it allows anyone to take leverage in a DeFi-native way and then use it across various DeFi protocols. You take leverage with Gearbox and then use it on other protocols you already love. For example, you can leverage trade on Uniswap, leverage farm on Yearn or Curve and Convex, make complex delta-neutral strategies involving options and derivatives, get Leverage-as-a-Service for your structured product doing complex positions, etc.
The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; – and active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.”
Summary
The most critical subjects covered in our audit are functional correctness, access control, and integration with external protocols. Security regarding all the aforementioned subjects is high. The general subjects covered are code complexity, upgradeability, and documentation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions VIII Smart Contracts
Avantgarde Finance implements new adapters for Aave V3 and Compound V3 and refactors the codebase of the Aave V2 adapter so that code can be reused for the Aave V3 adapter. Additionally, Avantgarde Finance introduces so-called list owner contracts, used for validation in the aforementioned adapters, that can add validated items to a list. Further, Avantgarde Finance implements an upgrade for the Maple external position to allow migration to V2.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
KyberSwap Elastic Legacy was the automated market maker (AMM) implementation by the Kyber Network protocol which was used until an upgrade in May 2023.
Please refer to KyberSwap Elastic for the current version of the system.
About KyberSwap Elastic Legacy
“Kyber Network is an on-chain liquidity protocol that aggregates liquidity from diverse sources for the best prices, enabling decentralized token swaps to be integrated into any application. Using this protocol, developers can build innovative payment flows and applications, including instant token swap services, decentralized payments, and financial DApps — helping to build a world where any token is usable anywhere.
Kyber is the most used and integrated protocol in decentralized finance (DeFi), with over US$1 billion worth of transactions facilitated since its inception. Kyber supports over 80 different tokens, and powers over 100 integrated projects including popular wallets Trust, Enjin, Argent, Eidoo, and the HTC Exodus smartphone, as well as DeFi platforms Nuo, DeFiSaver, InstaDApp, Set Protocol, Melon, and many others.”
(Source: Kyber Network media kit, April 2021)
Summary
ClayStack implements a staking pool implementation that simplifies the staking MATIC tokens on numerous Polygon validators. A user that joins the pool, locks MATIC tokens and gets csMATIC tokens that accumulate the rewards over time. The csMATIC tokens can be then burned, to get the locked MATIC tokens back.
The most critical subjects covered in our audit are the security of the pool and token contracts, the functional correctness and the safety of the deposited funds. Security regarding all the aforementioned subjects is high.
In the final iteration after the intermediate reports no issues remain open. Overall we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About ClayStack Matic Smart Contracts
“ClayStack is a decentralized liquid staking platform that enables you to unlock the liquidity of staked assets across multiple chains. You can stake your assets and use the issued staking derivatives across the DeFi ecosystem.”
Summary
[UPDATE March 21st 2022: we upload the original unredacted report, which contained a live critical vulnerability. The vulnerability was redacted until it could be patched. Find more details in our blog article.]—
Compound offers money markets for supplying and borrowing different assets on the Ethereum blockchain.
Users can supply assets to the market, earning interest on their deposits. They can also use their deposited assets as collateral in order to borrow assets from other markets. The borrowed assets accrue interest over time, which is shared between the suppliers and the protocol. If a borrower’s account balance falls below a certain threshold, due to the value of their collateral falling or the value of the borrowed assets increasing, their position can be liquidated. The liquidator pays back the borrowed assets and in return they earn a portion of the borrower’s collateral.
Users interact with the cToken contracts. These are ERC-20 tokens that represent the assets a user has supplied to the market. As the market accrues interest, the value of the cToken compared to the underlying asset increases. The cToken itself receives a portion of the interest as reserves.
About Compound – cToken
“Compound is a protocol on the Ethereum blockchain that establishes money markets, which are pools of assets with algorithmically derived interest rates, based on the supply and demand for the asset. Suppliers (and borrowers) of an asset interact directly with the protocol, earning (and paying) a floating interest rate, without having to negotiate terms such as maturity, interest rate, or collateral with a peer or counterparty
Each money market is unique to an Ethereum asset (such as Ether, an ERC-20 stablecoin such as Dai, or an ERC-20 utility token such as Augur), and contains a transparent and publicly-inspectable ledger, with a record of all transactions and historical interest rates.”
.png)
Summary
Uniswap implements Permit2 and Permit2Lib which are smart contracts that enable permit-style approvals and transfers using signatures for ERC20 tokens that do not support such functionality.
The most critical subjects covered in our audit are functional correctness, signature handling andfront-running. Security regarding front-running is improvable due to a possible attack vector on permitapprovals, see Race Condition on Approvals. Security regarding functional correctness and signaturehandling is high.The general subjects covered are specification correctness and uncommon language features. Securityregarding all the aforementioned subjects is high.
In summary, we find that the level of security of the codebase is high. Discovered issues do not render the contracts immediately unsafe, but enable potential human errors.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Uniswap – Permit2
What is Uniswap Protocol?
“The Uniswap Protocol is an open-source protocol for providing liquidity and trading ERC20 tokens on Ethereum. It eliminates trusted intermediaries and unnecessary forms of rent extraction, allowing for safe, accessible, and efficient exchange activity. The protocol is non-upgradable and designed to be censorship resistant.”
Summary
GUniLPOracle is a specialized oracle in the Maker ecosystem that provides prices for the LP (liquidity provider) shares of GUNI pools. It determines the price of a GUni token based on the underlying tokens held in the UniswapV3 position at the current market rate of these tokens as returned by Maker oracle. GUNI works on top of Uniswap and serves as a generic wrapper of Uniswap V3 positions into ERC20 tokens with the goal to provide more flexibility to end-users that deposit or withdraw liquidity into Uniswap V3 pools.
On a high level, Uniswap V3 aims to utilize more efficiently the pool liquidity by allowing the LPs to choose the price range (lowerTick and upperTick) where their liquidity is made available. The rewards for an LP depend mostly on the trade volume on the price range that the liquidity has been allocated. This makes Uniswap V3 positions non-fungible. On the other side, GUNI is a module managed by Gelato Networks that tries to abstract the internals of the Uniswap V3 to end-users (LPs) and maximize their profits by allocating the liquidity continuously into optimal price ranges and investing the earned fees. In this setup, the LPs provide the liquidity into the GUNI pools, which deposit the liquidity into the Uniswap V3 and then mints the respective wrapped ERC20 tokens for the LP. Note that, the minted tokens (shares) by GUNI represent a position in the Uniswap V3 pool, however, such tokens are typical ERC20 tokens, hence fungible (while Uniswap V3 positions are non-fungible).
The goal of GUniLPOracle is to price the LP shares of GUNI pools according to the value of the position they represent in the Uniswap V3 pool. To achieve this goal the GUniLPOracle interacts with other oracles in the Maker ecosystem that provide price information for the related tokens and the respective GUNI pool. For this to work, the GUNI should provide a function getUnderlyingBalancesAtPrice(uint160 sqrtPriceX96), which forwards the call to the function LiquidityAmounts.getAmountsForLiquidity(). The core logic of the price calculation in GUniLPOracle is implemented in the function seek(). Similarly to other oracles of Maker, GUniLPOracle operates with two Feed variables cur and nxt which store the current price and the queued price respectively. The prices propagate through the system with 1 hour delay, therefore allowing wards to take measures in case the queued price nxt is set to an incorrect value.
About
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
The most critical subjects covered in our audit are functional correctness, integration with external systems, and access control. Security regarding functional correctness is improvable due to potentially unexpected behaviour, see Unexpected staking of tokens. Security regarding integration with external systems is improvable due to slashing being unhandled for Kiln, see Unhandled stake slashing on Kiln.
The general subjects covered are gas efficiency, documentation, code complexity and error handling. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a good but improvable level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Enzyme Sulu Extensions VII Smart Contracts
Avantgarde Finance implements integrations for staking Balancer LP tokens natively or on Aura and provides price feeds for the staked tokens and Balancer v2 stable pool LP tokens. Further, batching ParaSwap orders with optional individual failures, staking ETH on Kiln, and periphery shares wrapper contracts for arbitrary deposit tokens were introduced.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
Summary
Gearbox implements a general-purpose leverage protocol for ERC-20 tokens. The system is modular and consists of different parts. This report covers the new Gearbox V2 system. V2 consists of the samemodules as V1.
All modules work together within a release, some of the modules can be used acrossreleases. The following release-overarching combinations have been considered in this audit:V2 credit system connecting to a V1 Pool Service and the V1 AccountFactory / Credit Accounts.Other combinations have not been reviewed. Notably PriceOracle of V1 cannot be used in V2. Adapterscount as part of the credit system and must not be used across versions.
About Gearbox V2
“Gearbox is a generalized leverage protocol: it allows you to take leverage in one place and then use it across various DeFi protocols and platforms in a composable way. The protocol has two sides to it: passive liquidity providers who earn higher APY by providing liquidity; active traders, farmers, or even other protocols who can borrow those assets to trade or farm with x4+ leverage.
The core vision is to become a backend composable leverage protocol that all kinds of users have but don’t even need to interact directly with any interface. You can envision building your own DeFi protocol and just making a “take leverage with Gearbox” as a button. And bam – your users are now more capital efficient. Or integrate Gearbox into a platform like Zerion or Zapper.”
Summary
Q Blockchain is an Ethereum based chain with a delegated proof of stake (DPoS) consensus mechanism, on-chain governance framework, built-in stablecoin system, and numerous other features. Majority of those system elements are implemented as on-chain smart contracts, that interact with each other. The native token of Q Blockchain is called Q token.
About Q Blockchain
“Q combines the benefits of a public, open and decentralized ledger with the transparency of enforceable private contracts. Whether you want to interact with other businesses, build decentralized applications or simply send and receive tokens: Q is for you.”
.svg)
Summary
The most critical subjects covered in our audit are functional correctness, access control, and signature handling.
The contracts show a high level of functional correctness and handle signatures correctly. The general subjects covered are code complexity and gas efficiency. The code maintains an adequate level of complexity. Gas efficiency is good but could be improved in some cases.
In summary, we find that the current codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Polymarket Exchange Smart Contracts
Polymarket implements a prediction market for real-life events. This audit covers the governance and exchange part of the protocol.
“Polymarket is an information markets platform that lets you trade on the world’s most highly-debated topics (e.g. coronavirus, politics, current events, etc). On Polymarket, you build a portfolio based on your forecasts and earn a return if you are right. When you decide to buy shares in a market, you are weighing in with your own knowledge, research, and view of the future. Market prices reflect what traders think are the odds of future events, turning trading activity into actionable insights that help people make better decisions. As a result, Polymarket is a leading source of unbiased and real-time data about future events.”
Source: https://docs.polymarket.com/faq/general#what-is-polymarket
Summary
We did not uncover critical issues. The most severe subjects covered in our audit are the following two medium rated issues: Admin Set Too Early in LiquidityGaugeV4Strat and Zero Address Reward Distributor. As the system is already deployed and the issues are not critical, StakeDAO decided to not change the code.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About StakeDAO – LiquidLockers
StakeDAO implements so called liquid lockers. They allow users to earn yield on their locked tokens, make them transfer and still preserve voting power for the users.
“The Maker Protocol, also known as the Multi-Collateral Dai (MCD) system, allows users to generate Dai by leveraging collateral assets approved by “Maker Governance.” Maker Governance is the community organized and operated process of managing the various aspects of the Maker Protocol. Dai is a decentralized, unbiased, collateral-backed cryptocurrency soft-pegged to the US Dollar. Resistant to hyperinflation due to its low volatility, Dai offers economic freedom and opportunity to anyone, anywhere.”
Summary
MYSO Finance implements a borrowing system which does not expose borrowers to liquidation risks. Each loan has the same duration and does not rely on any price oracle or curve-based pricing.The most critical subjects covered in our audit are asset solvency, functional correctness, access control, and precision of arithmetic operations. Security regarding all the aforementioned subjects is high. In the first iteration of the engagement, we uncovered a few medium-severity issues related to the functional correctness that were addressed in the updated codebase.
The general subjects covered are upgradeability, documentation, trustworthiness, gas efficiency and code complexity. The contracts in scope of this review are not upgradable and do not have any privileged account, hence the security regarding upgradeability and trustworthiness is high. The project has extensive documentation and inline code specification. We reported possibilities to improve the gas efficiency which were acknowledged by MYSO Finance but not adopted due to code size restrictions. Regarding code complexity, we highlighted a functionality that implements a complex logic to optimize storage costs and could be simplified.
About Myso Finance – Core V1
MYSO v1 is a DeFi protocol that allows users to borrow without liquidation risk. For borrowers, this makes it easier to understand and manage crypto loans, while for lenders this provides new and sustainable yield enhancement opportunities.
The way this is achieved is through “zero-liquidation loans”, a novel risk transfer mechanism in which borrowers are relieved from liquidation risk while lenders get exposure to a physically settled covered call strategy.
The protocol operates without relying on any trusted third parties or oracles. Moreover, lending pools are isolated from one another such that potentially bad collateral assets in one pool cannot compromise the integrity of the others.
MYSO v1 can help mitigate some of the systemic risks associated with liquidation-centered credit markets, such as cascading liquidations, externalities from liquidation related MEV and oracle manipulation.
Summary
ChainSecurity performed a smart contract audit of Curve Finance’s Tricrypto system, which extends their exchanges to swap 3 coins instantly, where the coins no longer need to be equivalent in value. The system consists of three relevant smart contracts written in the Vyper programming language.
Generally, Curve is a variant of a decentralized exchange (DEX) that relies on automated market making (AMM). Curve and similar AMM projects build upon the concept of liquidity pools and an invariant to determine the ratio/price to swap one coin vs another. A liquidity pool consists of multiple tokens. The tokens are added to the pool by so called liquidity providers. In return, liquidity providers receive a token that represents a share of the funds they own of the pool. Providing liquidity is incentivized by trading fees that the liquidity provider will receive when users trade (the fees are paid out indirectly by increasing the pool’s value). By having a certain amount of tokens, trades can be executed immediately in one transaction. The execution can be done immediately because no counter-party is needed.
Curve modified their function compared to e.g. Uniswap in a way that the price is more robust by introducing a modified invariant. This is achieved by flattening the curve around the equilibrium and shifting the curve given certain conditions are met. This new version aims to protect liquidity providers better, increase their profit and increase liquidity. The main invention of the new invariant is that the prices are included into the invariant. Additionally, conditional price updates are performed to shift the curve if desired.
About Curve Finance – Tricrypto
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
Summary
The modular proxy actions allow execution of operations, a set of actions. An action contract performs a single function. This flexibility makes it trivial to compose new operations from actions, especially as actions may be added or upgraded.
The most critical subjects covered in our audit are functional correctness, security and whether the implementation is suitable for the intended purpose. While the modular implementation is suitable to reach the documented requirements it results in increased transaction costs which may hinder adoption. The modularity is significantly more complicated than a monolithic architecture. Extensive forked mainnet tests are recommended.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Oasis.App – Modular Proxy Actions
“Oasis.app mission is to provide the best and most trusted entry point to deploy your capital and benefit from all of the potential in DeFi. You can just connect your wallet, and borrow Dai by opening a Vault using your preferred crypto as collateral (such as ETH, wBTC, USDC, LINK and many more).
(…)
DeFi platforms like Oasis.app are reimagining the way access to financial products work – helping investors to unlock the potential of cryptocurrency, without having to deal with high costs and third parties.
Besides the home made features, Oasis.app is integrating several solutions, like 1inch for liquidity and Uniswap Swap Widget, to improve more and more and make the UX as complete as possible.”
Summary
For this assessment Yearn redesigned the Yearn Vault system for voting escrow locked CRV tokens. This new yCRV Vault allows unidirectional conversion of CRV and old yveCRV tokens into new yCRV Vault tokens. Another contract is ZapYCRV – a helper converter that allows conversions between different CRV and yCRV related tokens. Using it, users can convert allowed tokens into lp-yCRV and st-yCRV – Curve StableSwap CRV/yCRV LP token and staked autocompounded yCRV token versions.
The most critical subjects covered in our audit are solvency, functional correctness and compatibility with external systems. Security regarding system solvency is high after the fix of a critical bug that caused users not to receive their tokens, see LPYCRV Outputs Not Transferred to User. Functional correctness is high. Compatibility with external systems is satisfactory, due to a justified potential delay of CRV tokens being locked, see CRV Not Locked When Used to Mint YCRV.
The general subjects covered are specification and error handling. Documentation and Specification are outdated and require significant extension, since system intentions and features are not fully describe. Error handling is extensive.
In summary, we find that the codebase provides a satisfactory level of security. Discovered findings have been fixed or their risks were accepted by the Yearn. We advice revisiting and addressing the issues for wich the risks were accepted. In addition, prior the deployment, we suggest using extensive testing techniques like property based testing and forked mainnet testing to avoid potential problems with the upgrade of the yveCRV system.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Yearn Finance yCRV and ZapYCRV
Yearn Finance is “a suite of DeFi tools and products in an interconnected financial ecosystem running on various smart contracts. The yEarn Finance ecosystem is community-controlled and governed via a governance token called YFI.”
.png)
Summary
Morpho implements a peer-to-peer lending protocol that leverages the liquidity of existing lending protocols like Aave or Compound to allow instant withdrawals. Peer-to-peer matched users benefit from better rates than users of the underlying lending protocols.
The most critical subjects covered in our audit are access control, functional correctness and precision of arithmetic operations. Access control is extensive. Functional correctness of the main contracts is high. Functional correctness of the HeapOrdering data structure is not sufficient as the Heap data structure can be spammed. This issue can also lead to accidental violation of the Heap ordering, causing users additional gas fees. Precision of arithmetic operations is high.
The general subjects covered are documentation and gas efficiency. Documentation is extensive. Gas efficiency is improvable as shown in Gas inefficiencies.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project
About Morpho (Aave V3)
“Morpho is a lending pool optimizer. It is a peer-to-peer layer on top of lending pools like Compound or Aave. Rates are seamlessly improved for suppliers and borrowers while preserving the same liquidity and liquidation parameters.”
Source: Morpho team