The most critical subjects covered in our audit are the functional correctness of the contracts, the adapter configuration, the movement of the assets, and the interaction with the rest of the Gearbox system. A high-severity issue was uncovered in one of the iterations, where anyone could redeem on behalf of any user by front-running the signed permit or back-running the approval of the user. The issues have been addressed in the final commit. All in all, all the issues reported have been addressed. Security regarding all the aforementioned subjects is high.
The general subjects covered are access control, documentation and specification, gas efficiency, and the complexity of the implementation. Security regarding all the aforementioned subjects is high.
In summary, we find that the codebase provides a high level of security as no more issues were uncovered. We need to emphasize that the interactions between different components of the Gearbox system are complex. Moreover, the contracts in this scope have undergone many changes during the review. This, in combination with the fact that the reviews are limited in time, reduces our confidence in the assessment of the system’s security level.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.