The most critical subjects covered in our audit are functional correctness, access control, and non-custodiality. Functional correctness and access control are good. Non-custodiality is good. However, due to several issues arising from administrator powers, see Execution data is not validated and Execution reentrancy may be possible, and the proxy action contracts being out-of-scope, there may be unforeseeable consequences for non-custodiality.
The general subjects covered are upgradeability, unit testing, documentation and error handling.
In summary, we find that the codebase provides a good level of security. However, there may unforeseeable consequences given the reasons above. In case the administrators are trusted, the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.