Back to Overview

Enzyme Sulu Extensions V Smart Contracts Security Audit

Summary

The most critical subjects covered in our audit are functional correctness, access control and compatibility with the Enzyme system.

Security regarding all subjects is high.

The general subjects covered are error trustworthiness, documentation, and interaction with external systems according to their documentation. Compatibility with external systems is extensive. However, note that for compatibility with Solv requires an upgrade by Solv, see Solv’s BUYER_PAY fee pay type is unsupported is valid. Documentation is good. Trustworthiness is high given the trust model. However, please consider the note Arbitrary Loan Powers. In summary, we find that the codebase provides an improvable level of security. Note that most items covered are of high security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About Enzyme Sulu Extensions V Smart Contracts

Avantgarde Finance implements two new policies that allow fine-grained access control on adapters and external positions and a new list registry for unsigned integers used by the latter policy. Additionally, a derivative price feed for FIDU, an LP token with USDC as its underlying, is introduced. Further, a manual value oracle is implemented that allows its owner to set arbitrary uint256 values while keeping track of the latest update time. For its ownership transfers a new mixin is offered that implements the ownership transfer and claim mechanism. Arbitrary uncollateralized loans are offered through a new type of external position that allows to plug in accounting modules that compute the interest owed. Two such accounting modules are offered where one leverages the manual value oracle and the second one implements fixed interest. Two new external position types are also introduced to integrate with Solv Protocol’s convertible vouchers from the buyer and from the issuer side. Lastly, Avantgarde Finance updated the DepositWrapper contract.

Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.

We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)