Summary
The most critical subjects covered in our audit are functional correctness, access control, and non-custodiality. Functional correctness and access control are good. Non-custodiality is good. However, because of several issues arising from administrator powers (see "Execution data is not validated" and "Execution reentrancy may be possible") and because the proxy action contracts are out of scope, there may be unforeseeable consequences for non-custodiality.
The general subjects covered are upgradeability, unit testing, documentation and error handling.
In summary, we find that the codebase provides a good level of security. However, there may be unforeseeable consequences given the reasons above. If the administrators are trusted, the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Summer.fi Automation V2 Smart Contracts
Summer.fi implements the second version of the automation bot, which opens the system to protocols other than Maker and introduces new kinds of triggers and grouped validation mechanics.
—
“Summer.fi mission is to provide the best and most trusted entry point to deploy your capital. We are building Summer.fi to let our users benefit from all of the potential in DeFi. Our team is made of passionate thinkers and builders.”