Summary
The most critical subjects covered in our audit are functional correctness, rounding issues, and correctness of external integrations. The security regarding functional correctness is high, after issues in prior versions were resolved: Zappers can lose user funds. Security regarding rounding issues has been improved after the amount of share inflation was restricted, see Rounding in debt shares calculation can mint unbacked tokens. Security regarding external integrations is high, as issues with Balancer and Leverage Zapper have been resolved: BalancerFlashLoan missing access control and Leverage zappers do not return swap excess.
The general subjects covered are documentation, trustworthiness and code complexity. The project has very extensive documentation. The trustworthiness is high, as the system is designed to be immutable with limited trust assumptions. The system's contracts are very complex, which carries increased risk compared to simpler code.
In summary, we find that the core contracts provide a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Bold Smart Contracts
Liquity implements Liquity V2, a decentralized stablecoin system with user set interest rates, iterating on Liquity V1.
"Liquity V2 is a decentralized borrowing and stablecoin protocol that builds on the success of V1. It enhances it in several ways to offer the best borrowing experience, a highly resilient Ethereum-native stablecoin (BOLD), and sustainable on-chain yield."