The most critical subjects covered in our audit is the functional correctness, security of assets managed and impact/added risk on the existing Maker system.
This iteration of the review focussed on the redesigned implementation of the D3MHub and fixes of issues raised in the last review. The documentation available only gives a high level description of the system, description of detailed behavior (e.g. temporary exceeding debt limits during a transaction) or limitations (unsupported/broken distribution of pool shares in case of loss) is missing.
In summary, apart from the raised concerns when a third party system makes a loss and the pool shares held no longer cover the expected DAI amount, we find that the codebase provides a high level of functional correctness and security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.