Project Information
CATEGORY
De-Fi Protocols
NETWORK
Ethereum
WEBSITE
https://rangeprotocol.com/
DESCRIPTION
From Sep. 4, 2023 to Sep. 13, 2023, Range Protocol engaged Veridise to review the security of their Range GHO Vault. These vaults are designed to store user funds. A manager is responsible for taking out debt in GHO via an AAVE pool using user-supplied collateral, then managing the GHO and collateral in a Uniswap pool to produce profit in return for fees. The Veridise auditors reviewed the vault implementation and its associated factory, as well as slight modifications to Uniswap periphery contracts and renamings in an OpenZeppelin access-control contract.
The Veridise also simultaneously audited another repository supplied by the Range Protocol. This repository was the basis of the Range GHO Vault, and had nearly identical functionality. Most of the code was unchanged from this initial audit.
Veridise conducted the combined assessment over 2 person-weeks, with 2 engineers reviewing code over 1 week and 2 days on commits 0xef748c70-0xcaff8d88. The auditing strategy involved a tool-assisted analysis of the source code performed by Veridise engineers as well as extensive manual auditing.
Audit Report
SCOPE
The scope of this audit is limited to the contracts/ folder of the source code provided by the Range GHO Vault developers, which contains the smart contract implementation of the Range GHO Vault. Namely, the RangeProtocolFactory.sol, RangeProtocolVault.sol, and RangeProtocolStorage.sol files, the core implementation inside libraries/LogicLib.sol and libraries/DataTypesLib.sol, along with the access/, errors/, and uniswap/ directories.