Giry implements a vesting plan for the participants of DAOs. The project is a fork of another well-audited project with a small number of additional features.
The most critical subjects covered in our audit are functional correctness and access control. We find that the project implementation is of a high quality and no severe issues were uncovered.
The general subjects covered are code complexity, use of uncommon language features, unit testing, documentation, specification, and gas efficiency. Security regarding all the aforementioned subjects is high with the exception of unit tests and the documentation which have not been updated to reflect the current state of the project. More specifically, the unit tests do not check for the correctness of the newly introduced features.
In summary, we find that the codebase provides a high level of security, but we strongly suggest to implement the missing unit tests.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.