Summary
The most critical subjects covered in our audit are functional correctness, asset solvency, arithmetic operations and oracle safety.
Generally, functional correctness is good. However, note that there are some low-severity issuesregarding functional correctness. Security regarding the remaining subjects is high.
The general subjects covered are gas efficiency, trustworthiness, error handling and specification.Security regarding all the aforementioned subjects is good. However, specifications could be improved,see Initial Liquidity Mismatches Whitepaper and Mismatches With EIP-5115.
In summary, we find that the codebase provides a good level of security. Also, note that the security ofSYs is highly dependent on the more derived implementation which was out of scope. Further, note thatthe scope only includes the base SY implementation, PY V1 and markets V1. Please see AssessmentOverview, Trust Model and Roles, and Notes.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Pendle V2 Core
Pendle Finance implements a yield tokenization platform along with an interest rate market. The products are built on top of each other and use the implementations of the standardized yield standard as a baselayer.
"With Pendle, you can always maximise your yield: increase your yield exposure in bull markets and hedge against yield downturns during bear markets."
ChainSecurity was a pleasure to work with—exceptionally easy to coordinate with and delivering an audit of the highest quality. Their meticulous attention to detail truly set them apart, making the entire process smooth and efficient.
Long Vuong Hoang, Head of Engineering