Summary
Spacing Guild implements an ecosystem of private and public vaults with strategies managed by the Arrakis backend. The vaults use so-called modules to integrate with a third-party system to implement the strategies. Currently, the only available module is an integration with Valantis HOT.
The most critical subjects covered in our audit are asset solvency, functional correctness and precision of arithmetic operations. Security regarding all the aforementioned subjects is good.
The general subjects covered are code complexity, gas efficiency, testing, and trustworthiness. Security regarding all the aforementioned subjects is satisfactory. However, the review brought to light a lack of thorough and meaningful testing: basic unit tests are in place, but some of the bugs uncovered during the review could have been caught by proper end-to-end testing (see Rebasing Tokens Can Cripple the Functionality of Vaults and RouterSwapExecutor Cannot Swap to Native Token). We encourage Spacing Guild to implement a more complete test suite.
In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Arrakis Modular smart contracts
"Arrakis is web3's trustless market making infrastructure protocol that enables running sophisticated algorithmic strategies on Uniswap V3. Liquidity providers can utilize Arrakis Vaults to have their liquidity be managed in an automated, capital efficient, non-custodial and transparent manner."