Summary
The most critical subjects covered in our audit are functional correctness, asset solvency and Enzyme's integration with the external system.
Functional correctness did not hold due to claimable collateral that might have been tracked incorrectly. For details please refer to the issue: Overestimation of Claimable Collateral in getManagedAssets. Further, the position's value could have been temporarily decreased by hiding value in the execution fee, which was not accounted for when evaluating the external position's total value: ExecutionFee of Orders in getManagedAssets.
After the intermediate report, all issues have been resolved.
During the assessment period, it became apparent that the technical documentation for GMX V2 lacks key information. As a result, our in-depth understanding of the external system was primarily derived from analyzing the available source code.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Enzyme Sulu Extensions XVIII
Enzyme Foundation implements a new external position for GMX V2. Supported orders are MarketIncrease, MarketDecrease (to modify long or short positions), StopLossDecrease (to set stop loss) and LimitDecrease (to set take profit). Additionally, a new policy DisallowedAdapterIncomingassetsPolicy has been implemented.
Enzyme is a decentralised asset management infrastructure built on Ethereum. Using Enzyme Smart Vaults, individuals and communities can build, scale and monetise investment (or execution) strategies that employ the newest innovations in decentralised finance.
We've worked with many Smart Contract auditors in the last five years and ChainSecurity quickly differentiated themselves as a leader in the space. They have relevant DeFi expertise, professional work ethic and have always been a reliable partner.
Mona El Isa (CEO)