Curve Finance – Tricrypto Security Audit

Summary

ChainSecurity performed a smart contract audit of Curve Finance’s Tricrypto system, which extends their exchanges to swap 3 coins instantly, where the coins no longer need to be equivalent in value. The system consists of three relevant smart contracts written in the Vyper programming language.

Generally, Curve is a variant of a decentralized exchange (DEX) that relies on automated market making (AMM). Curve and similar AMM projects build upon the concept of liquidity pools and an invariant that determines the ratio/price at which one coin is swapped for another. A liquidity pool consists of multiple tokens, which are added to the pool by so-called liquidity providers. In return, liquidity providers receive a token that represents their share of the pool’s funds. Providing liquidity is incentivized by trading fees that liquidity providers receive when users trade (the fees are paid out indirectly by increasing the pool’s value). Because the pool holds a certain amount of tokens, trades can be executed immediately in one transaction, with no counterparty needed.

Compared to e.g. Uniswap, Curve modified its function by introducing a modified invariant that makes the price more robust. This is achieved by flattening the curve around the equilibrium and shifting the curve when certain conditions are met. This new version aims to better protect liquidity providers, increase their profit and increase liquidity. The main innovation of the new invariant is that prices are included in the invariant. Additionally, conditional price updates are performed to shift the curve if desired.

About Curve Finance – Tricrypto

“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.

Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”

Source: https://curve.fi/rootfaq

We appreciate ChainSecurity for very deep and thoughtful analysis!
Michael Egorov, CEO @ Curve Finance