Summary
The most critical subjects covered in our audit are the correct implementation of the PegKeeperV2 and the PegRegulator, the handling of assets by the PegKeeper, and attack vectors based on the manipulation of the liquidity and price oracles. No major issues were uncovered during the review. All the issues have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, gas efficiency, documentation, and specification and testing. The security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
Curve implements PegKeeperV2 a more fine-grained version of PegKeeper. The goal of PegKeeperV2 is to maintain the peg of CRVUSD in its stablepools by adding or removing liquidity in the form of CRVUSD.
—
About Curve PegKeeperV2
“Curve is an exchange liquidity pool on Ethereum (like Uniswap) designed for (1) extremely efficient stablecoin trading (2) low risk, supplemental fee income for liquidity providers, without an opportunity cost.
Curve allows users (and smart contracts like 1inch, Paraswap, Totle and Dex.ag) to trade between DAI and USDC with a bespoke low slippage, low fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance where it generates even more income for liquidity providers.”
We appreciate ChainSecurity for very deep and thoughtful analysis!
Michael Egorov, CEO @ Curve Finance