Sommelier Finance

The Macro Audits team audited two of Sommelier’s cellar-contracts. Access the report and learn more about our smart contract auditing process.

Sommelier Finance is a yield optimization protocol with a twist: a yield-generating strategy on an arbitrary chain is executed by validators of the Cosmos chain, decentralizing the ownership of that strategy. They are introducing the next iteration of DeFi strategies, which are controlled by off-chain computation. It's a marketplace allowing independent strategy providers to bring ML-powered strategies to users.

The Macro Audits team audited only 2 of Sommelier’s cellar-contracts, at commit hash 4409661be89308e5c3a60f84e898bc068337b13d:

  1. CellarStakingRewards
  2. AaveV2StablecoinCellar

CellarStakingRewards is an upgraded version of the OG Synthetix Staking Rewards, with unique features such as un-bonding, emergency actions, and locking boost.

AaveV2StablecoinCellar is an ERC4626 vault intended to optimize stablecoin yields on AAVE. As a user, one simply deposits stables into the cellar, and then the cellar takes care of rebalancing the stables so that the user gets the best possible yield.

In our first review of AaveV2StablecoinCellar, we found a significant number of issues originating from the use of inactive assets. The Sommelier team was already thinking of changing how inactive assets were used, and after seeing our reported issues, they diligently took the time required to change that approach.

After the approach changed, we proceeded with our second review.

The report of our second audit can be found here.

We found 1 High, 3 Medium, 2 Low, 4 Informational, and 1 Quality issue, as well as several gas optimizations.

For our first review, we didn't publish the report; the findings were shared with the Sommelier team and were fixed.

Regarding our interaction with the Sommelier team, we were satisfied with their technical capability and open-mindedness. They were comfortable with delaying their launch until both parties were satisfied, which is generally a good sign.

We can’t say that we are a catch-all service, as no audit is. Though we may miss some things, one thing we pride ourselves on is our effort and thoroughness. We had some good eyes going through the code, and we wish Sommelier the best for mainnet.

This is what Sam Patel, Head of Product @Sommelier Finance has to say:

“Working with Macro felt like having an exceptional extended team that worked beside our team and invested time to understand our platform's complex architecture, which enabled them to find in-depth vulnerabilities.

We had an opportunity to work with multiple auditors through the past 6 months and Macro's team and findings were by far the most insightful and critical in our redesign. We look forward to continuing our relationship as we launch future cellars.”

This is what Kevin Kennis, Co-Founder @Sommelier Finance has to say:

“Not only was the Macro auditing team extremely thorough in their review, they have time and again gone above and beyond communication-wise in complex and time-sensitive situations. I especially loved how each finding in our audit report included a drop-in, fully coded test case that we could use as a benchmark in our fix for the reported issue. As a developer, having such a strong partner working towards our launch helped our team achieve a high level of confidence in a smooth release.”

If you are interested in an audit, check us out:

Audits | Macro
Macro is trusted by multiple leading industry names in DeFi and crypto for smart contract auditing.

We will do our best to exceed your expectations.