The most critical subjects covered in our audit are functional correctness, security of the assets and the accounting of the balances.
The general subjects covered are design, efficiency and documentation. While the Settlement system may protect from MEV done by the block producers, orders may be observed/rearranged on another level. The staking is only used as a barrier of entry and does not ensure that a resolver follows the protocol rules as stated in the documentation.
Detailed documentation / specification and documentation explaining the interactions between the components, especially with the limit order protocol was largely missing during the review. This review was done based on our understanding of the system as in the System Overview of this report for which we did not receive a confirmation of 1inch.
In summary, we find that the codebase in its current state provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.