Project Information
CATEGORY
De-Fi Protocols
NETWORK
Ethereum
WEBSITE
https://www.ribbon.finance/
DESCRIPTION
From July 25 to August 15, 2022, Ribbon Finance engaged Veridise to review the security of their Earn Vault. The review covered the on-chain contracts that govern the logic of the vault. Veridise conducted the assessment over 6 person-weeks, with 3 engineers reviewing code over 2 weeks. The auditing strategy involved tool-assisted analysis of the source code performed by Veridise engineers. The tools that were used in the audit included a mix of static analyzers.
Audit Report
SCOPE
This audit is restricted to the Solidity smart contracts of the Earn Vault. As such, Veridise engineers first reviewed the provided documentation to understand the desired behavior of the protocol as a whole. They then inspected the provided tests to understand the desired behavior of the protocol’s contracts as well as how users are expected to interact with them. Afterward, the Earn Vault contracts were assessed for bugs and security issues.
In terms of the audit, the key components include the following:
- The logic for depositing assets to the vault.
- The logic for redeeming shares from current deposits.
- Implementation of function rollToNextRound.
- Implementation of RibbonVaultPauser.
- Calculation of management fees and token price per round.