Summary
The most critical subjects covered in our audit are functional correctness and accounting correctness.
Functional correctness has been improved, as the new liquidation mechanism could interfere with the existing one (see "buyExpiredCollateral Can Disincentivize Challenging"). Additionally, the minimum collateral requirement for positions was not enforced (see "Minimum Collateral Can Be Partially Withdrawn"). Accounting correctness was improvable, as bad debt was not accounted for correctly (see "forceSale Does Not Account for Bad Debt").
The general subjects covered are specification and trust model. Specification is improvable, as the only specification provided was in the form of code comments. Security regarding the trust model is high, as the system still relies on the same trust model as the original Frankencoin contracts, with no additional trusted roles.
In summary, we find that the codebase provides a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Frankencoin v2024
Frankencoin implements extensions to the already deployed Frankencoin stablecoin system. The extensions include a MintingHub with variable interest rates, a PositionRoller that enables flashloans, and a Savings module. The contracts must be accepted as Minters by Frankencoin Governance to become usable.
“Frankencoin is a collateralized, oracle-free stablecoin that tracks the value of the Swiss franc. Its strengths are its decentralization and its versatility.”
The audit was excellent! Very well done! I'm impressed with how quickly ChainSecurity's software engineers developed a deep understanding of the Frankencoin system and with their meaningful inputs to harden its mechanics.
Luzius Meisser, Inspirer, Frankencoin