Summary
The most critical subjects covered in our audit are functional correctness, oracle security and internal accounting. Security regarding all aforementioned subjects is high.
Functional correctness is good. Issues like Execution of wrong governance change and some smaller problems have been adequately fixed.
Newly created pools allowed Endless rebalancing due to a flaw in the handling of oracle prices. This has been addresses by rebalancing rewards being activated by governance as long as this is done in a correct manner considering TVL of the pool and CNC price.
The internal accounting of some tokenomics contracts was flawed due to Reward double counting and Wrong accounting in Bonding. These issues have also been addressed.
It should be noted that the security of funds is dependent on parameters like the imbalance buffers of the Curve oracle. These must be chosen with care (considering Curve pool fees, the share of a Conic pool’s Curve LP tokens etc.) to avoid the possibility of arbitrage opportunities.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
We have also conducted a deployment validation of Conic’s codebase. All security-relevant parameters of the deployed contracts as well as the evolution of these (starting from the block of the deployment of each contract until Ethereum block # 19127196) have been reviewed. All contracts have been deployed in accordance with our security audit. The deployment validation report can be found here: Conic protocol Deployment Validation by ChainSecurity
About Conic Protocol
Conic implements Omnipools for Curve that allow to deposit a single asset into multiple Curve pools. The exposure to different Curve pools is changed in fixed time intervals by Governance vote.
—
“Conic Finance is an easy-to-use platform built for liquidity providers to easily diversify their exposure to multiple Curve pools. Any user can provide liquidity into a Conic Omnipool which allocates funds across Curve in proportion to protocol controlled pool weights.”
Conic's V2 audit by ChainSecurity was exceptional. Their thorough analysis revealed complex edge cases, providing invaluable insights that exceeded our expectations and underscored our commitment to providing the highest level of security
C-3PO