TrueFi Logo PNG transparent _ ChainSecurity Smart Contract Audit

TrueFi Carbon Smart Contracts

Security Audit

Download Audit Report
Summary

The most critical subjects covered in our audit are the valuation of the portfolios and their tranches, the fee and interest calculations, the interactions of the lenders and the borrowers with the system and the access control. For the tranche valuation, we uncovered a Waterfall miscalculation issue. Under certain circumstances, the value of riskier tranches could be absorbed by higher tranches. The issue was addressed in the second iteration of the report. Attack vectors initiated by the portfolio managers were considered out of scope. In the current version some corner cases of the deficit calculation are not handled correctly.

The general subjects covered are complexity, deployment, testing and documentation. We believe that all the other aforementioned areas offer a high level of security. The documentation is comprehensive and unit testing is extensive. However, we need to emphasize that the complexity of the codebase is really high and the system can be in many different states which might require different handling. However, we would like to emphasize that portfolio managers are highly trusted and can introduce security risks to the protocol. The security of Carbon instances therefore ultimately depends on external factors.

In summary, we find that the codebase provides a high level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About TrueFi Carbon Smart Contracts

TrueFi implements an uncollateralized loan platform. Whitelisted users can create their own portfolios and have full control over them. Users can be lenders by buying shares of tranches which implement different investment strategies.

Chainsecurity did an absolutely amazing job working with us. The team is very knowledgeable, solid, and professional in every way. They definitely rank among the leaders of the space.
Justyna Broniszewska, Head of Engineering