Summary
The most critical subjects covered in our audit are precision of arithmetic operations, asset solvency, invariant preservation, functional correctness, and front-running. Several issues of high and critical severity issues were identified in the first two iterations of the codebase, see Resolved Findings. The Governance contract was refactored in Version 3 to mitigate the reported issues by changing the core accounting and placing new restrictions on user operations (always reset all votes before new allocations).
In summary, we find that the codebase provides a satisfactory level of security. It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Liquity V2 - Voting Smart Contracts
Liquity implements Liquity V2, a decentralized stablecoin system with user set interest rates, iterating on Liquity V1. For more information, see our audit report for Liquity V2 - Bold Smart Contracts.
Liquity V2 implements a voting contract that distributes the incoming revenues based on the votes from users that have a stake in the system. A set of contracts are also provided to simplify the development of smart contracts that serve as proposals in the voting, known as initiatives.
We are very satisfied with ChainSecurity's expertise and thorough reports. It's a highly professional team that we would love to work with again.
Michael Svoboda, CEO @ Liquity AG