Summary
The most critical subjects covered in our audit are functional correctness, access control and precision of arithmetic operations. Security regarding all is generally good. Security regarding functional correctness is good as long as drying out the Aave pool on purpose, see Provoking an Aave Liquidity Crisis, is unprofitable based on the borrow and supply caps, and the flashloan fees.
The general subjects covered are code complexity, error handling, specification and gas inefficiency. Security regarding all the aforementioned subjects is good. However, documentation could be more explicit for makers since the provided arguments on creation should be meaningful but are not checked by code.
All the issues uncovered during the review have been either fixed or acknowledged. In summary, we find that the codebase provides a satisfactory level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Mangrove Kandel Strats Smart Contracts
Mangrove Association (ADDMA) implements a “buy low, sell high” market making strategy leveraging the Mangrove core system, while optimizing the capital efficiency by supplying the idle funds on AaveV3.
—
“The Mangrove is an order book-based DEX that allows liquidity providers to post arbitrary smart contracts as offers. This new flexibility enables liquidity providers to post offers that are not fully provisioned. The Mangrove’s order book lists promises instead of locked commitments. Liquidity can be shared, borrowed, lent and, at the same time, be displayed in the Mangrove’s order book, ready to be sourced when, and only when, an offer is hit. The time of DeFi ‘s fragmentation in a myriad of pools is ending. In the Mangrove, liquidity reaches its ultimate potential. Value doesn’t have to be locked anymore.”
ChainSecurity has proved its ability to independently understand, thoroughly analyze, and help secure novel and complex smart contracts in a surprisingly short amount of time. We could not ask for a better auditing partner.
Adrien Husson, smart contract lead @ Mangrove