Back to yongskiws's contests

Revert Lend - yongskiws's results

A lending protocol specifically designed for liquidity providers on Uniswap v3.

General Information

Platform: Code4rena

Start Date: 04/03/2024

Pot Size: $88,500 USDC

Total HM: 31

Participants: 105

Period: 11 days

Judge: ronnyx2017

Total Solo HM: 7

Id: 342

League: ETH

Revert

Findings Distribution

Researcher Performance

Rank: 28/105

Findings: 1

Award: $527.39

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryRevert

Findings Information

🌟 Selected for report: 14si2o_Flint

Also found by: Bauchibred, K42, Sathish9098, hunter_w3b, invitedtea, popeye, yongskiws

Labels

analysis-advanced
grade-a
sufficient quality report
A-01

Awards

527.3923 USDC - $527.39

External Links

Link to GitHub issue
PageDescription
IntroductionIntroduction to Revert Lend
Key FeaturesMain features of Revert Lend
Features DetailsDetails of features of Revert Lend
OverviewGeneral overview of the code structure
Codebase qualityEvaluation of the quality of Revert Lend code
Approach we followed when reviewing the codeApproach followed when reviewing the code
AutocompoundDiagram Autocompound
AutoExitDiagram AutoExit
AutomatorDiagram Automator
Auto RangeDiagram Auto Range
FlashloanLiquidatorDiagram FlashloanLiquidator
InterestRateModelDiagram InterestRateModel
LeverageTransformerDiagram LeverageTransformer
SwapperDiagram Swapper
V3 OracleDiagram V3 Oracle
V3 UtilsDiagram V3 Utils
V3 VaultDiagram V3 Vault
Diagram ArchitectureOverview of the diagram architecture of the code
Centralized RiskRisks related to centralization in the code

Revert Lend Audit Analysis

Introduction

Revert is dedicated to developing analytics and management tools tailored for liquidity providers in Automated Market Maker (AMM) protocols. We foresee AMMs becoming a cornerstone of financial markets in the near future, offering new investment avenues for retail investors. However, navigating this landscape effectively demands open, transparent, and user-friendly tools accessible to all.

introduction

Key Features

  • Position Analytics: Providing insights into liquidity provider (LP) positions across various AMM protocols like Uniswap v3, Uniswap v2, and Sushiswap.
  • Top Positions: Highlighting the top-performing positions on Uniswap v3 based on profitability metrics.
  • Incentives: Displaying ongoing incentives programs on Uniswap v3 canonical staker contract and time-vested staker contract.
  • Initiator: Assisting users in initiating LP positions on AMMs with historical data and analysis to optimize fee generation.
  • Auto-compounding: Automating the compounding of accrued fees back into LP positions in Uniswap v3 for enhanced returns.

Features Details

  • Detecting Staked LP Tokens: Detecting LP tokens owned by an account involves tracking tokens minted and burned during deposit and withdrawal transactions. However, challenges arise when tokens are staked in contracts, leading to nuanced approaches for accurate detection.
  • Liquidity Incentives: Displays active incentives programs on Uniswap v3, facilitating direct management of staking, unstaking, and claiming rewards from LP position dashboards.
  • Position Management: Liquidity providers can efficiently manage their LP positions, including adding/removing liquidity, claiming fees, and adjusting slippage settings.
  • Auto-Exit: Automates liquidity withdrawal when pool prices hit predefined levels, with options to configure fee sources and manage leftover tokens.
  • Auto-Range: Automatically rebalances LP positions when prices move, ensuring liquidity stays in-range and collecting fees consistently, with customizable fee sources and management of leftover tokens.

Revert aims to empower liquidity providers with comprehensive tools for informed decision-making and efficient management of their positions in the burgeoning AMM landscape.

Overview

Structuring the code is crucial for conducting a thorough analysis of the code base. This enables auditors to predict the level of contract difficulty, identify critical contracts, and determine security-critical features such as payment functions or assembly usage. Additionally, this approach accurately measures the time required to perform a detailed audit and helps determine the cost of a project audit. To achieve efficiency, clarity, and improvements, it is essential to have a comprehensive view of the entire architecture. This enables the identification of the basic structure, relationships between modules, and key design patterns. By understanding the big picture, we can analyze the complexity of the code and reveal its strengths and potential for improvement with confidence.

Codebase quality

Overall, I consider the quality of the Revert Lend codebase to be excellent. The code appears to be very mature and well-developed. We have noticed the implementation of various standards adhere to appropriately. Details are explained below:

Contract NameRisks and WeaknessesImprovement Steps
Autocompound- Technical and Integration Risks - Lack of explicit error handling<br>- Single failure points in external dependencies1. Implement access control mechanisms<br>2. Enhance documentation for clarity<br>3. Continuously monitor and update to adapt to changes<br>4. Improve error handling mechanisms
AutoExit- Admin Abuse Risk<br>- Systemic Risk<br>- Technical Risk<br>- Integration Risk1. Implement access control mechanisms<br>2. Thorough testing and error handling<br>3. Enhance architecture and modularity<br>4. Continuously monitor and audit<br>5. Develop emergency plan
Automator- Admin Abuse Risk<br>- Systemic Dependency Risk<br>- Technical Risks<br>- Integration Risk1. Enhance testing coverage<br>2. Implement robust error handling<br>3. Explore decentralized governance mechanisms<br>4. Continuously monitor and update<br>5. Enhance code documentation
Auto Range- Admin Abuse Risk<br>- Systemic Vulnerabilities<br>- Technical Constraints<br>- Integration Challenges1. Stringent testing<br>2. Address admin abuse risk<br>3. Improve error handling and recovery mechanisms<br>4. Continuously monitor and audit<br>5. Enhance architecture and modularity
FlashloanLiquidator- Admin Abuse Risk<br>- Modularization and Code Reusability<br>- Code Conciseness and Documentation<br>- Error Handling<br>- Security Measures<br>- Efficiency Optimization<br>- Scalability Considerations1. Implement comprehensive testing<br>2. Enhance code documentation<br>3. Implement robust error handling<br>4. Ensure security of sensitive operations<br>5. Optimize gas usage and efficiency<br>6. Assess scalability limitations
InterestRateModel- Admin Abuse Risk<br>- Systemic Risk<br>- Technical Risk<br>- Modularization<br>- Code Documentation<br>- Error Handling1. Address admin abuse risk<br>2. Ensure proper integration and compatibility<br>3. Consider modularization and code documentation<br>4. Implement strong error handling mechanisms<br>5. Enhance architecture and testing
LeverageTransformer- Comprehensive Testing<br>- Error Handling<br>- Continuous Monitoring and Auditing<br>- Architecture Modularity1. Implement a comprehensive testing suite<br>2. Enhance error handling mechanisms<br>3. Continuously monitor external dependencies<br>4. Enhance modularity of architecture
Swapper- Admin Abuse Risk<br>- Systemic Risk<br>- Technical Risk<br>- Integration Risk1. Ensure access control implementation<br>2. Evaluate and mitigate risks related to external dependencies<br>3. Implement error handling mechanisms<br>4. Thorough testing and auditing
V3 Oracle- Admin Abuse Risk<br>- Systemic Risk1. Ensure security of admin privileges<br>2. Mitigate risks related to external dependencies
V3 Utils- Technical Risks<br>- Business Logic Weaknesses<br>- Single Points of Failure1. Thoroughly evaluate and mitigate security vulnerabilities<br>2. Improve code documentation<br>3. Identify and mitigate single points of failure
V3 Vault- Technical and Integration Risks<br>- Weak Points and Single Points of Failure1. Implement access control mechanisms<br>2. Enhance error handling and testing<br>3. Improve contract architecture and robustness

Approach we followed when reviewing the code

Autocompound

Used for automatically compounding positions.

Project Risk Model:

Technical Risks: The contract involves interaction with external contracts and on-chain swaps, which can introduce technical risks such as reentrancy attacks or oracle manipulation.

Integration Risks: Integration risks may occur due to dependencies on external contracts such as Uniswap V3 pools and Non-Fungible Position Managers.

Software Engineering Considerations:

  • Code follows Solidity 0.8.0 syntax and imports various OpenZeppelin contracts for security and utility functionalities.
  • Code employs safe arithmetic operations from SafeMath.sol and SafeERC20 for safer token transfers.
  • Modifiers like nonReentrant and ReentrancyGuard are used to prevent reentrancy attacks.

Related to automating position compounding, involving fee collection, swapping, and increasing liquidity in a position. The contract uses various parameters and status variables to manage the compounding process and handle liquidity adjustments.

Weak Points and Single Failure Points:

  • Single failure points may exist in external dependencies, such as INonfungiblePositionManager contracts and Uniswap V3.
  • Contract dependency on external oracles and price feeds introduces potential vulnerabilities.
  • Lack of explicit error handling for specific scenarios, such as failed token approvals or unexpected contract states, may be considered weak points.

To identify and address any vulnerabilities or weaknesses, consider implementing access control mechanisms and permission schemes to mitigate admin abuse risks. Enhance documentation to improve clarity and understanding of the contract's functionality and its integration with external components. Continuously monitor and update the contract to adapt to changes in external dependencies and evolving security practices. Overall, while providing functionality for automatic compounding, greater attention to security, testing, and error handling is recommended to enhance resilience and resilience against potential risks and vulnerabilities.

AutoExit

AutoExit is designed to manage positions automatically on Uniswap v3, allowing users to set automatic position sales (limit orders) or automatically swap tokens to the opposite token (stop loss orders) when a position reaches a certain point within the specified price range.

Risks

Admin Abuse Risk:

  • Operators have significant control in executing swaps and may potentially abuse their power.
  • Lack of access control mechanisms can lead to unauthorized parties executing swaps.

Systemic Risk:

  • Dependency on external components such as Uniswap v3 pools and swap routers introduces systemic risks related to their reliability and security.

Technical Risk:

  • The complexity of the execute function increases the risk of bugs, especially in handling token swaps and liquidity management.

Integration Risk:

  • Integration with external components like Uniswap routers introduces risks related to API changes, version upgrades, and potential bugs in external contracts.

Architecture

  • The architecture appears well-structured, separating automatic position management from swap execution.
  • Using events for logging and outputting relevant information is a good practice for transparency and debugging.

Testing

  • Thorough testing reduces the risk of undetected bugs and vulnerabilities.
  • Development of unit tests, integration tests, and scenario-based tests should cover various functionalities and edge cases.

Weak Points and Single Failure Points

  • Lack of appropriate access control mechanisms makes the system vulnerable to unauthorized access and manipulation.
  • Dependency on external components such as Uniswap pools and routers introduces a single point of failure if these systems become unavailable or disrupted.
  • The complexity of the execute function poses a risk of errors, especially in handling liquidity adjustments and token swaps.

Improvement Steps

  1. Access Control Mechanism: Implement role-based access control (RBAC) to restrict access to sensitive functions only to authorized parties.

  2. Comprehensive Testing: Develop a robust testing suite covering unit tests, integration tests, and scenario-based tests to ensure the correctness and reliability of the system.

  3. Code Refactoring: Break down complex functions into smaller, more modular components to improve readability, ease of maintenance, and testing.

  4. External Dependency Management: Implement error handling and fallback mechanisms to handle failures or unexpected behavior from external dependencies seamlessly.

  5. Enhanced Documentation: Provide inline comments and detailed documentation to explain code logic, dependencies, and external interactions.

  6. Continuous Monitoring: Implement monitoring and notification mechanisms to detect and respond to anomalies or suspicious activities promptly.

  7. Emergency Plan: Develop an emergency plan outlining the steps to be taken in cases of unexpected failures, security breaches, or other emergency situations.

Automator

Automator is a comprehensive implementation of an automated trading strategy utilizing external protocols like Uniswap V3. However, it's crucial to address risks associated with admin abuse, systemic dependencies, and technical complexities. Enhancing testing coverage, implementing robust error handling, and exploring decentralized governance mechanisms can bolster the security and resilience of the contract.

Risks Assesment

  1. Admin Abuse Risk: The contract allows the owner to control various parameters such as operators, vaults, and TWAP configurations. There's a potential risk if the owner abuses this control, possibly leading to unauthorized actions or manipulation.

  2. Systemic Dependency Risk: Dependency on external contracts/interfaces (e.g., UniswapV3, NonfungiblePositionManager) poses systemic risks if these contracts face vulnerabilities or become outdated.

  3. Technical Risks: Complex mathematical operations are involved in calculating swap amounts and TWAP checks. Errors in these calculations could lead to financial losses or unexpected behavior.

  4. Integration Risk: The contract is integrated with external protocols/interfaces (e.g., Uniswap V3, Vaults), which may introduce risks related to interoperability, version upgrades, or changes in the interface.

Enhancing Contract Security and Resilience

  1. Modularity and Extensibility: The contract structure appears modular, facilitating upgrades or additional functionality in the future.

  2. Readability and Documentation: The code is fairly structured, but additional comments explaining complex logic could enhance readability.

  3. Code Reusability: The contract imports various functionalities from OpenZeppelin and other external libraries, promoting code reuse and standardization.

Testing

  1. Unit Testing: Unit testing should be implemented to cover critical functionalities such as token transfers, TWAP calculations, liquidity provisioning, and exchanges.

  2. Integration Testing: Integration testing should validate interactions with external contracts/interfaces to ensure proper functionality.

Weak Points and Failure Points

  1. External Dependency: Dependency on external contracts/interfaces introduces dependency risks. Comprehensive error handling and strong security mechanisms should be in place to mitigate this risk.

  2. Owner Control: Centralized control by the owner poses a risk of admin abuse. Consider implementing multi-signature schemes or governance mechanisms to distribute control and enhance security.

Auto Range

AutoRange denotes a well-designed architecture for managing token positions within a configurable range. However, contract faces risks related to admin abuse, systemic vulnerabilities, technical constraints, and integration challenges. To mitigate these risks, stringent testing is required.

Admin Abuse Risk

The contract allows operators to adjust token positions, which poses a risk if operator privileges are not securely managed. Admin abuse could result in unauthorized configuration changes or mismanagement of user funds.

In-Depth Architecture Evaluation

The contract implements functionality to adjust token positions within specified ranges and handles swaps using Uniswap. It maintains mapping of position configurations and emits events to track changes.

Business logic relates to adjusting token positions based on pre-defined configurations, ensuring maximum slippage limits, and managing protocol rewards. This architecture appears to be well-designed to effectively achieve these objectives.

FlashloanLiquidator

FlashloanLiquidator offers a sophisticated solution for atomic liquidation using Uniswap V3 flash loans.

Admin Abuse Risk:

Ensure only trusted entities with administrative rights, as admin misuse can lead to poor fund management or manipulation of the liquidation process.

Software Engineering Considerations:

  1. Modularity and Reusability: Review opportunities to enhance code modularity and reusability, facilitating maintenance and future enhancements.
  2. Code Conciseness and Documentation: Enhance code readability and maintenance through comprehensive documentation and clear code structure.
  3. Error Handling: Implement robust error handling mechanisms to seamlessly handle unforeseen scenarios and prevent system failures or vulnerabilities.

In-depth Architecture Evaluation:

  1. Security Measures: Ensure sensitive operations such as flash loans and fund transfers are well-protected against exploitation or potential attacks.
  2. Efficiency Optimization: Review opportunities to optimize gas usage and improve overall efficiency, especially during intensive operations like liquidation and exchange.
  3. Scalability Considerations: Assess scalability limitations and explore potential strategies to enhance scalability alongside project growth.

InterestRateModel

InterestRateModel provides a strong foundation for interest rate calculations, but several areas require attention to enhance security, reliability, and maintainability. By addressing admin abuse risks, ensuring robust testing, improving code documentation, and considering modularization, the contract can be strengthened to better serve its purpose within the larger system.

Admin Abuse Risk: contract is owned by a single party, allowing the owner to update interest rate values. Ensure that only trusted entities control ownership to mitigate admin abuse risk.

Systemic Risk: The logic for interest rate calculation may seem straightforward, but improper parameter adjustments can lead to systemic issues such as incorrect interest rates, affecting user funds.

Technical Risk: The contract relies on external interfaces, so ensure proper integration and compatibility with these interfaces to mitigate technical risk.

Modularization: Consider breaking the contract into smaller, more manageable components to improve readability and maintainability.

Code Documentation: Enhance code comments to improve readability and understanding, especially for complex logic such as interest rate calculations.

Error Handling: Ensure strong error handling mechanisms are in place, especially in critical functions like setValues.

Architecture Assessment:

Interest Rate Calculation: The contract effectively calculates loan and supply interest rates based on utilization rates, with differentiation below and above the inflection point (kink). This architecture appears robust, but thorough testing is crucial to validate its accuracy.

Utilization Rate Calculation: Utilization rate calculations seem appropriate, but ensure they behave correctly in extreme cases such as zero debt.

Weak Points and Single Failure Points:

Owner Dependency: Dependency on the contract owner to update interest rate values introduces a single failure point. Consider implementing multi-signature mechanisms or governance for more decentralized control.

External Interface Dependency: The contract relies on external interfaces for some functionalities. Ensure proper integration and consider backup mechanisms in case of interface failure.

LeverageTransformer

LeverageTransformer facilitates efficient usage of leverage and deleverage positions within a single transaction, enhancing user experience and reducing gas costs. However, it is important to address the following areas for improvement:

  1. Comprehensive testing suite to ensure correctness and robustness of functionality.

  2. Implementation of explicit error handling and recovery mechanisms to address failures during token exchange or liquidity addition.

  3. Continuous monitoring and auditing of external dependencies to mitigate risks associated with integration vulnerabilities and systemic issues.

  4. Architecture separating leverage up and leverage down functionalities into separate methods, enhancing modularity and readability.

The lack of explicit error handling and recovery mechanisms in case of failures during token exchange or liquidity addition can lead to fund loss or trapped transactions.

Swapper

Swapper provides a flexible framework for executing exchanges using various routing protocols. Key areas to focus on include access control implementation, error handling enhancements, comprehensive testing, and evaluating potential vulnerabilities in external dependencies. Continuous monitoring and updates are crucial to mitigate risks.

Risks and Mitigation

Admin Abuse Risk:

Ensure that only authorized entities can invoke critical functions such as _routerSwap and _poolSwap.

Systemic Risk:

Assess the potential impact of vulnerabilities in external dependencies such as zeroxRouter and universalRouter.

Technical Risk:

Evaluate potential vulnerabilities related to token approval mechanisms, data decoding, and function calls to external contracts.

Integration Risk:

Assess compatibility with different versions of Uniswap, 0x, and other external protocols.

Best Practices

  • Ensure readability and code maintenance by providing comprehensive comments and following Solidity best practices.
  • Consider using access control mechanisms like Ownable from OpenZeppelin to restrict access to critical functions.
  • Implement error handling mechanisms to provide informative error messages to users in case of failures.

Specific Actions

  • Evaluate potential vulnerabilities related to token approval mechanisms and ensure that quotas are managed effectively to prevent unauthorized expenditures.
  • Review the dependency on external routers such as zeroxRouter and universalRouter and consider implementing backup mechanisms in case of their unavailability.

V3 Oracle

This V3 Oracle contract aims to implement a versatile oracle contract to calculate the liquidity position value of Uniswap V3 in different tokens. The contract also integrates error handling mechanisms, but there are still risks associated with dependency on external systems, admin access rights, and potential technical vulnerabilities.

Risks and Handling

  1. Admin Abuse Risk: There is a risk associated with the emergencyAdmin address having the power to take certain actions without a timelock, such as adjusting the oracle mode. This risk may arise if the emergency admin address is compromised or abused.

  2. Systemic Risk: contract is heavily dependent on external dependencies such as Chainlink feed and Uniswap V3 pool. Issues with these dependencies can affect the functionality and reliability of the oracle.

Event Usage

Using events for configuration updates (such as TokenConfigUpdated, OracleModeUpdated, SetMaxPoolPriceDifference, SetEmergencyAdmin) provides transparency and auditability of oracle configuration changes.

Deep Architecture Assessment

The architecture of contract revolves around several aspects:

  • Configuring the oracle mode for different tokens.
  • Fetching prices from Chainlink feed or Uniswap V3 pool.
  • Calculating token value based on liquidity position.

contract employs a dual oracle approach, utilizing either Chainlink feed or Uniswap V3 TWAP (Time-Weighted Average Price), with the option to verify prices between the two oracles. The contract also handles liquidity positions, fee calculations, and price conversions to determine the value of the specified token position.

Dependency Risks

contract heavily depends on external contracts such as Chainlink feed and Uniswap V3 pool. Downtime, manipulation, or inaccuracies in these external systems can affect the reliability and accuracy of the oracle.

Admin Access Rights

The ability for emergency admins to take critical actions without a timelock introduces a single point of failure. Ensuring the security of the emergency admin address is crucial to mitigate potential risks.

V3 Utils

Users can perform operations such as swapping tokens, adding liquidity, and reducing liquidity on the Uniswap V3 protocol. However, to ensure security, reliability, and availability, a comprehensive evaluation of risks and updates to technical considerations and project risks are necessary steps to strengthen.

Technical Risks:

  • Thorough evaluation of security vulnerabilities, such as reentrancy attacks or nonce reuse.
  • Code appears to follow Solidity best practices, such as using SafeERC20 for token transfers and leveraging modifiers for access control.
  • Consider adding comments or documentation to improve code readability and maintenance.

Business Logic:

  • The business logic for token exchange, liquidity provision, and NFT minting is well-structured and modular.
  • Ensure contract architecture is scalable and efficient, especially when dealing with large transaction volumes and potential liquidity providers.

Weak Points and Single Points of Failure:

  • Review contracts to identify potential weak points, such as unverified external calls, reentrancy vulnerabilities, or integer overflow/underflow issues.
  • Identify and mitigate any single points of failure in the contract, such as critical functions that could halt the system or compromise user funds if they fail unexpectedly.

V3 Vault

This implements a vault system for managing loans and collateral.

Risks

Admin Abuse Risk:

contract includes several functions reserved only for admins (withdrawReserves, setTransformer, setLimits, setReserveFactor, setReserveProtectionFactor, setTokenConfig, setEmergencyAdmin). Proper access control mechanisms are in place (onlyOwner modifier) to mitigate this risk. However, additional checks and balances are necessary to prevent potential abuse by admins.

Technical Risks:

The contract interacts with external contracts (permit2, nonfungiblePositionManager, oracle).

Integration Risks:

The contract relies on external protocols and oracles for critical functionality (e.g., permission signatures, position management, oracle data).

Software Engineering Considerations

Modularity and Extensibility:

The contract is relatively modular, with separate functions for different functionalities. However, further modularization could improve readability and ease of maintenance.

Code Reusability:

Some functions, such as _convertToAssets and _convertToShares, provide reusable utilities in other contracts, promoting code efficiency.

Gas Optimization:

Gas optimization techniques, such as using the delete keyword instead of replacing with zero, are used to reduce transaction costs.

Weak Points and Single Points of Failure

  • The contract's dependence on external protocols and oracles introduces potential single points of weakness and failure. Vulnerabilities or issues in these external components could affect the reliability and security of the contract.
  • Access control mechanisms for admin functions should be thoroughly reviewed to prevent potential abuse or unauthorized access.

Analysis of the code base and diagram architecture

V3Vault

V3Vault

V3Utils

V3Utils

V3Oracle

V3Oracle

Swapper

Swapper

LeverageTransformer

LeverageTransformer

InterestRateModel

InterestRateModel

FlashloanLiquidator

FlashloanLiquidator

AutoRange

AutoRange

Automator

Automator

Autoexit

autoexit

AutoCompound

AutoCompound

Centralized Risk

There are several functions in the source code that have the onlyOwner modifier, which means only the contract owner can execute them. However, in some cases, the contract owner has the ability to modify critical parameters such as reserve factors, limits, and others. Therefore, it is important to ensure that the selected contract owner is a trusted entity and will not misuse its ability to exercise the granted power irresponsibly. Additionally, there is functionality intended solely for admins, which has the potential for abuse if not properly controlled. This includes functions such as setParameters, setVault, and setAdmin. The lack of comprehensive access control mechanisms increases the risk of unauthorized parties executing critical functions, which can result in misuse or manipulation.

Conclusion

In general, the Revert Lend project exhibits an interesting and well-developed architecture we believe the team has done a good job regarding the code, but the identified risks need to be addressed, and measures should be implemented to protect the protocol from potential malicious use cases. Additionally, it is recommended to improve the documentation and comments in the code to enhance understanding and collaboration among developers. It is also highly recommended that the team continues to invest in security measures such as mitigation reviews, audits, and bug bounty programs to maintain the security and reliability of the project.

Time spent:

60 hours

#0 - c4-pre-sort

2024-03-24T08:52:55Z

0xEVom marked the issue as sufficient quality report

#1 - c4-judge

2024-04-01T15:25:26Z

jhsagd76 marked the issue as grade-a

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter