Audit
A full audit of the contracts delineated in these docs has been conducted by Cyfrin.
Full audit report:
[M-1] Owner can rescue the vault's own share tokens (Resolved)
[M-2] Owner can chain admin calls for same-block drains (Resolved)
[M-3] Withdrawals can effectively only happen on the primary chain after any yield has accrued (Resolved)
[L-1] Misconfigured decimal scale can skew vault accounting (Resolved)
[L-2] SherpaUSD does not work with fee-on-transfer tokens (Resolved)
[L-3] Direct amount assignment in SherpaUSD::ownerMint/ownerBurn can break accounting for totalStaked and accountingSupply (Resolved)
[I-1] SherpaVault::_rollInternal price calculation comment and math inconsistent (Resolved)
[I-2] SherpaUSD::consumeTotalStakedApproval and SherpaUSD::consumeAccountingApproval callable by anyone (Resolved)
[I-3] CCIPReceiver dependency not necessary (Resolved)
[I-4] SherpaVault::redeem naming ambiguous (Resolved)
[I-5] Some SherpaUSD can never be unstaked due to minimumSupply check (Resolved)
[I-6] Consider implementing explicit rounding behaviour instead of default round down (Resolved)
[G-1] Optimize setters by emitting event before state updates (Resolved)
The report can also be viewed directly in Cyfrin's public repo.

