Need an audit or want to learn more about Macro’s services?
Reach out for an audit or to learn more about Macro
0xMacro LibraryHere you will find Macro's growing
collection of public resources.
Check them out below.
A curated list of audits we have worked with in the past, available to the community.
Clanker-2
A smart contract system that enables ERC-20 token deployment on Base and rewards creators based on trading volume. Tokens can be deployed via Farcaster, partner APIs, or direct contract interaction.
Github Organization | Private Repo
A fork of Boring Vault with some additional functionality. We audited new decoders enabling Boring Vault to interact with the Eden, Sake, Morpho, and Across protocols. Additionally, the BoringVault contract was updated to support UUPS proxy and achieve compatibility with ERC-7802 for cross-chain bridging.
Level-1
lvlUSD is a stablecoin that is fully backed by USDC and USDT generating yield from blue-chip lending protocols.
Yield generating stablecoin pegged to USD. Interacts with trusted lending protocols, distributing yield to stakers. Audited the V2 contracts associated with minting and redeeming lvlUSD using multiple collaterals, and the contracts associated with interacting with lending protocols such as Aave and Morpho.
thirdWeb-22
Web3 developer tooling
We audited several contracts from thirdweb, including UniversalBridgeV1 and UniversalBridgeProxy (refactors of PaymentsGateway), MinimalAccountNew (a modular account implementation supporting EIP7702), and multiple paymaster contracts for different entrypoint versions and ZKSync chain.
Modular Account Repository | Private as of June 17, 2025
ZkSync Repository | Private as of June 17, 2025
Polynomial-5
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
Audit of an off-chain variant to limit orders and async orders.
Polynomial-4
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
We reviewed the added ability to make limit orders, requiring both sides of an order to be found before executing.
Superstate-6
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
Clanker-1
A smart contract system that enables ERC-20 token deployment on Base and rewards creators based on trading volume. Tokens can be deployed via Farcaster, partner APIs, or direct contract interaction.
As part of Clanker system audit we have reviewed the onchain code utilized by the clanker agent for token deployment and LP fee distribution. In addition, the review included ClankerVault functionality for locking predefined ClankerToken portion for specific time, LP fee splits between clanker team, token creator, and deployment partner, and cross chain ClankerToken functionality based on Optimism's Superchain specification.
Github Organization | Private Repo
Towns Protocol-9
An open source protocol for building decentralized real-time messaging apps.
We performed a review of Towns token functionality update, examining the implementation of Superchain integration functionality and ensuring proper universal deployment across Superchain compatible chains
SevenSeas-33
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
We reviewed the Odos protocols and its associated decoder allowing boringVault to interact with the protocol.
SevenSeas-32
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
SevenSeas-31
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
We reviewed various protocols and their associated decoders allowing boringVault to integrate them, including Spectra, Resolv, Uniswap V4, and EulerEVK.
SevenSeas-29
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
We audited the Solana version of the Boring Vault that already launched in the EVM chains
SevenSeas-28
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
We reviewed various protocols and their associated decoders allowing boringVault to integrate them, including UniswapV2, Royco, Dolomite, Kodiak Island, Honey, Infrared, BeraETH, and Goldilocks.
Maple Finance-4
An institutional capital network that provides the infrastructure for credit experts to run on-chain lending businesses and connects institutional lenders and borrowers.
We reviewed a new feature within the Maple Finance system which allows MapleBorrowerActions contract to be whitelisted to interact with loan contracts on behalf of all borrowers.
Superstate-5
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
Review of bridge and redeem request functionality. Actual bridging and redeeming is performed offchain (out of scope).
SevenSeas-27
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
We reviewed various protocols and their associated decoders allowing boringVault to integrate them, including Symbiotic, Morpho, Teller, and Silo. Additionally, we reviewed changes to the BoringOnChainQueue that added support for withdraw capacity.
SevenSeas-26
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
We reviewed various protocols and their associated decoders allowing boringVault to integrate them, including Usual Money, Sky Money, Royco, Sonic Gateway, Sonic Deposit, and Euler EVK. Additionally, we reviewed the Zeroland protocol for compatibility with the AaveeV3DecoderAndSanitizer.
Maple Finance-3
An institutional capital network that provides the infrastructure for credit experts to run on-chain lending businesses and connects institutional lenders and borrowers.
We performed a comprehensive audit of the Maple Core protocol update, examining the implementation of three new yield-generating strategies (MapleBasicStrategy for ERC4626 vaults, MapleSkyStrategy for Sky Savings Rate via sUSDS, and MapleAaveStrategy for Aave Pool deployments).
Infinex-15
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We reviewed changes to the PatronVesting contract that added two capabilities: allowing the owner to claim on behalf of users and enabling allocation transfers from the zero address to another address.
GitHub Organization - Repo private as of January 13, 2025
SevenSeas-25
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Audited a small code change to boring solvers allowing solvers to cover a deficit if they so choose.
Citrus Finance-1
Multi-chain All-in-One DeFi Platform.
We reviewed Citrus's custom Safe Module that allows them to execute a configuration task across multiple chains using only a single signature.
Kodiak-3
Berachain’s Native Liquidity Hub.
Github Organization | Private Repo
Infinex-14
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We reviewed several Account updates, including refactors and a new feature that allows users to transfer their tokens (native, ERC20, ERC721, and ERC1155) from their Infinex account to any specified destination address.
GitHub Organization - Repo private as of December 16, 2024
Derive-1
A decentralized protocol that creates unique and programmable onchain options, perpetuals, and structured products.
We audited Staked Derive Token, an adapted and simplified fork contract of Camelot's XGrail token with the addition of partial delegation
Github Organization | Private Repo
SevenSeas-23
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Audited the AaveV3 and LombardBtc decoders, allowing boring vaults to claim rewards with AaveV3, as well as mint LBTC and swap CBBTC for LBTC.
Superstate-4
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
Focus of the audit was on reviewing redemption fee logic for Superstate tokens, as well as verifying logic for obtaining Superstate tokens onchain. In addition, during audit we reviewed several smaller incremental changes across Superstate system components
SevenSeas-20
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
We reviewed SevenSeas's Solana program – running on Eclipse.xyz – that holds deposited tokens to bridge to Ethereum mainnet via Hyperlane.xyz.
Rekt-2
A multi-industry company that offers drinks and beverages as well as NFT and radio services.
We audited the token distribution contract that uses a merkle tree to validate claims for users to claim owed Rekt tokens.
Private Repo and Organization
Superstate-3
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
Audit scope included review of the custom real time price oracle for Superstate's tokens associated with different funds. Also we reviewed transition to upgradeable system contracts together with liquidation logic integration for Morpho project.
Kwenta-19
A synthetic perpetuals trading platform
We audited functionality that added interacting with the new Zap contract allowing users to deposit, withdraw, unwind, and modify collateral utilizing Zap.
Infinex-12
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We reviewed the initial version of PatronVesting, which allows the owner to manage different tiers that define the conditions for users claiming their Patron NFTs.
GitHub Organization - Repo private as of December 16, 2024
Infinex-11
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We reviewed RewardCampaign, which allows the owner to create campaigns where users can claim rewards based on pre-defined vesting entries.
GitHub Organization - Repo private as of December 16, 2024
SevenSeas-18
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
We reviewed various protocols and their associated decoders allowing boringVaults to integrate them, including Bitcorn, Usual Money, Satlayer, Frax staking, and Lido bridging. Additionally a new withdrawal queue and solver was audited, allowing for anyone to solve requests and trading shares from one boring vault for another.
thirdWeb-21
Web3 developer tooling
We reviewed several changes to thirdweb's modular contracts, including support for signature-based minting and maxMintPerWallet limits for claimable modules. We also reviewed the Paymaster contract, which now accommodates payment tokens with non-standard decimal places.
Kodiak-2
Berachain’s Native Liquidity Hub.
Github Organization | Private Repo
Infinex-9
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
PatronNFT, a ERC721A NFT contract that utilizes new batch transfer functionality to allow for cheaper transfers of consecutive token ids, allowing for distribution of multiple tokens to cost less gas.
GitHub Organization - Repo private as of November 8th, 2024
thirdWeb-20
Web3 developer tooling
We reviewed the PayGateway contract that is now supporting thirdweb’s modular architecture. Additionally, we have reviewed changes on the Royalty modules, which have been changed to support the “creator token standard."
Heroglyphs-1
Keeping Ethereum decentralized and cypherpunk.
We audited GuessOurBlock contracts, a betting game that allows users to place bets on blocks that will be validated by a Heroglyphs validator, and include this ticker in their graffiti.
Zora-1
An decentralized creator-focused NFT marketplace.
We audited the Zora mints functionality, allowing for purchasing mints tokens which can be used to mint NFTs in the Zora protocol at a standard rate.
Infinex-10
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We reviewed the Governance Points (GP) distributor contract, a trusted and straightforward contract for sending tokens to users, and some minimal changes to the GP token contract. Additionally, we audited some feature abstractions to base contracts to avoid duplicated code and included further view helper functions in contracts.
GitHub Organization - Repo private as of October 7, 2024
Kwenta-18
A synthetic perpetuals trading platform
We audited Kwenta's reimbursement contracts, which are used to reimburse users with high trade volume over the past 30 days. The audit also involved reviewing ZK-circuits written in Go using the Brevis service.
Infinex-8
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We audited the Infinex Cardrun game, a card pack opening game using Pyth Entropy randomness requests to decide the card's content.
GitHub Organization - Repo private as of September 16, 2024
Infinex-6
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We audited Infinex Patron point of purchase, App, Beacon and Vaults contracts. Allowing users to use authorized signatures to access a Patron token purchase, register the proper on-chain receipt, and manage payments.
GitHub Organization - Repo private as of September 2, 2024
Orange-2
A protocol for building trustless, decentralized, and portable reputation for Web3.
Reviewed Orange migration contract, a pre-audited and deployed contract previously used as a bridge repurposed for their token migration. Allows users to burn old tokens by providing a valid authorized signature and claiming their new tokens.
SevenSeas-16
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Audited new bridging integrations and a "Drone" contract controlled by the boring vault to allow interacting with protocols with multiple addresses when necessary.
Maple Finance-2
An institutional capital network that provides the infrastructure for credit experts to run on-chain lending businesses and connects institutional lenders and borrowers.
We audited the protocol token migration from the MPL token to the new Syrup token as part of Maple's upgrade. This includes the Syrup Merkle tree distribution, the MPLUserActions contract that facilitates user migration to Syrup and xSyrup, and the SyrupUserActions contract that allows syrupUSDC swaps into DAI or USDC. Additionally, minor changes to the fixed and open loan terms were added.
Github Organization - Private Repo
Infinex-5
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We reviewed Infinex account changes with some refactors and two feature additions: Enabling users to sync their fund's recovery address using CCQ integration and direct CCTP bridging and recovery.
GitHub Organization - Repo private as of September 2, 2024
Kwenta-16
A synthetic perpetuals trading platform
We audited Kwenta's MarginPaymaster contract, an ERC-4337-compliant custom Paymaster contract that optimistically sponsors transactions signed by a privileged actor, attempting to recoup gas costs in USDC or SNX-V3 margin.
Kwenta-17
A synthetic perpetuals trading platform
Audited the update that added the ability to reward USDC along with KWENTA tokens in their staking contract.
Polynomial-3
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
Reviewed the integration of bridging functionality with SocketDotTech's bridge, allowing USDC to be bridged to the polynomial network and simultaneously allow for the creation of polynomial accounts and staking of the bridged assets.
GitHub Organization (private repo)
Inverter-1
A modular protocol for Primary Issuance Markets, enabling maximal value capture from token economies.
Inverter is a protocol and a modular framework for no-code solutions on Ethereum enabling customizable and dynamic token issuance and asset flow management. We have reviewed contracts related to core modules such as orchestrator and many use case specific modules handling staking, payments, authorization and many others.
TreasureDAO-6
Gateway to the cross-game economy. Built for the Treasure ecosystem.
Review of improvements for MagicSwap V2 (custom UniswapV2 DEX) and of Staking Rewards implementation contract.
Githhub Organization | Private Repo
SevenSeas-10
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Added decoders allowing bridging assets from boring vaults to and from Arbritrum and Optimism chains. Additionally added ability for vaults to interact with pancake swap v3.
SevenSeas-9
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Added decoders to interact with the Reserve protocol through Into the Block's specialized position manager.
Superstate-2
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
We performed a security review on the Superstate USTB repo, which mainly focused on USCC and SuperstateToken contracts, an allowlisted ERC20 token implementation with Permit and ERC-7246 encumbered balances extension.
Polynomial-2
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
Connext-7
A modular interoperability protocol
System of contracts for providing multiple mechanisms for bridging XERC20 compatible tokens using the Arbitrum canonical bridge.
Superstate-1
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
We reviewed onchain redemption system relying on Chainlink price feed for exchanging USTB (Superstate token) for USDC. System features also several admin controlled configuration features.
Mintra-2
On-chain, fee-sharing, Pulsechain NFT app
We reviewed Mintra's ERC721 and ERC1155 collection contracts that support customization on maximum supply, time-boxed minting, fee logic, token gating, etc.
thirdWeb-19
Web3 developer tooling
We reviewed Thirdweb's Modular Contracts framework, a set of core and extension contracts to support customization of minting, burning, token metadata, etc.
Infinex-4
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We conducted an audit of the Curve App, focusing on the implementation of the app and its proper integration with Curve NG pools. We also reviewed changes in the management App Module in the core Infinex Account system.
GitHub Organization - Repo private as of June 24, 2024
Polynomial-1
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
Reviewed this fork of Synthetix V3 with minor changes, and their cannon deployment scripts.
Cannon-1
A DevOps tool for building on Ethereum that manages protocol deployments on blockchains.
On-chain registry for software packages, similar to node. Users can register a package name, and give permissions to users to update packages. Usable on mainnet ethereum and optimism.
Shroom-1
Community currency token to reward user engagement in the r/MushroomPlanet subreddit
We audited the Shroom community currency token implementation, adding custom fee logic to the standard ERC-20 implementation using Thirdweb's audited contracts.
SevenSeas-8
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Infinex-3
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We reviewed Infinex's governance system, which is composed of a set of contracts used to elect council members and assign them to designated GnosisSafe wallets. Cross-chain communication is utilized to determine the voting power and propagate the elected members to different chains.
GitHub Organization - Repo private as of June 24, 2024
Orange-1
A protocol for building trustless, decentralized, and portable reputation for Web3.
Compound-2
Building infrastructure for the future of finance.
We audited Quark Wallets' new additions and modifications, which now support multi-Quark operations. Users can now sign multiple Quark operations or a single operation to be executed cross-chain. The new Paycall and Quotecall scripts were also audited in this round.
SevenSeas-6
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Titan Node-1
Livepeer Video Mining Pool providing Transcoding and Staking services.
We reviewed the Titan Node PaymentStream contract, a streamlined payment management system that enables payees to claim ERC20 tokens released linearly over time. The contract also includes safeguard mechanisms allowing for the finalization of payments if necessary.
Infinex-2
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We conducted an audit of Infinex's Governance Points contract and its staking mechanism to reward users of Infinex accounts across the many chains they are deployed on.
GitHub Organization - Repo private as of May 13, 2024
Infinex-1
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
We conducted an audit of Infinex Accounts, focusing on its innovative use of a proxy beacon, upgradable architecture with multiple modules, and customizable key management system. This design empowers users to manage their accounts independently without relying on external parties. Additionally, the upgradable structure allows for seamless implementation of new features and updating configuration parameters, provided users opt in.
GitHub Organization - Repo private as of May 13, 2024
Kodiak-1
Berachain’s Native Liquidity Hub.
Github Organization | Private Repo
Illuvium-2
A decentralised studio building an Interoperable Blockchain game universe on Ethereum.
We reviewed a vesting contract that rewards users with ERC20 tokens based on a defined vesting tier.
thirdWeb-17
Web3 developer tooling
We reviewed an update on Thirdweb's smart wallet contract to support Seaport bulk orders for EIP-1271.
SevenSeas-5
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
thirdWeb-18
Web3 developer tooling
Review of thirdweb's Airdrop contract, which encompasses push, claimable, and signature-based airdrops in a single contract. We also audited the PaymentsGateway contract, a component of thirdweb Pay. It serves as the entry point for pay transactions and handles fee management, logging, and routing the transaction to the swap provider.
Illuvium-1
A decentralised studio building an Interoperable Blockchain game universe on Ethereum.
We reviewed an UUPS upgradable ERC-20 implementation with role-based access control and pausing capability.
SevenSeas-4
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Audited a new vault protocol, the Boring Vault, which is a simplistic contract itself, but is managed by a contract that requires calls to be pre-approved via a merkle tree, and the vaults share exchange rate and withdrawals are managed and handled by the protocol.
SevenSeas-2
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
Audited a Pendle adaptor and its corresponding Pendle pricing extension, to allow cellars to interact the Pendle protocol and hold various Pendle tokens as positions, including LP, YT, PT, and SY tokens.
Mento-3
A decentralized and transparent stable value asset protocol (including stablecoins) on the Celo blockchain
Audited an adjustment to the vote escrow curve function and adjustments to the governance contracts setup.
IDEX-B-1
DEX with leverage and gas-free trading
Audit of changes made to the core protocol including margin requirement changes, support for pending deposit, a new EscrowContract has been added, support for quote token migration, and other minor refactors.
Connext-5
A modular interoperability protocol
We reviewed the new Connext's connector for Scroll L2. Scope included both ScrollHubConnector and ScrollSpokeConnector contracts.
Covenant-1
Borrow and lend against any tokenized asset through liquid, tradeable debt markets.
Covenant is a decentralized, non-custodial debt market, built on perpetual debt. It is a lending protocol based on Aave architecture with interest rate calculation externalized to AMM markets for particular debt asset. Macro audited their core protocol implementation prior to their beta release.
Sommelier-16b
Automated DeFi yield optimization strategies
Audited Sommelier's multichain contracts that allow assets to be shared between different chains using Chainlink's CCIP protocol. Additionally, we audited the Compound v3 adapter as well as the support for various staking adapters including EtherFi, KelpDAO, Lido, Renzo, Stader, Swell.
Patchwork-2
Supercharge tokens, contracts, and addresses by layering rich blocks of interoperable, interconnected, interactive data on top of any onchain entity.
Patchwork protocol was refactored and new functionality was added to the core system contract for managing and charging various fees related to different system operations. We have reviewed these changes and additional updates that were introduced to extract assignment functionality into a specific contract
Sommelier-16a
Automated DeFi yield optimization strategies
Audited the new addition to cellars to support multi-asset deposits as well as the support for MorphoBlue adapters.
Sommelier-15
Automated DeFi yield optimization strategies
The ability to have a sequencer check was added to the price router to be used for cellars on layer 2 chains, preventing pricing when the sequencer is down.
Kwenta-12
A synthetic perpetuals trading platform
Audit of Zap, a contract that allows the feeless exchange of USDC to sUSD and vice versa via SynthetixV3 spot markets.
Kwenta-11
A synthetic perpetuals trading platform
Kwenta V3 smart margin contract was made upgradeable and implemented Zap functionality to exchange USDC to uUSD and back. The ability for USDC to be converted to sUSD and used as collateral, or have collateral be withdrawn and converted to USDC was added.
Mintra-1
On-chain, fee-sharing, Pulsechain NFT app
Audit of Mintra’s marketplace contract, a fork of Thirdweb's direct listing marketplace, with changes being made to permissions, royalty logic, and support for bulk buy.
Mento-2
A decentralized and transparent stable value asset protocol (including stablecoins) on the Celo blockchain
Audited Mento's new governance contracts using vote escrowed mento tokens to vote, as well as a immutable factory to deploy and setup relevant contracts.
Compound-1
Building infrastructure for the future of finance.
We audited Compound Quark Wallet, a flexible, trustless, custom smart contract account that allows entitled users to execute Quark Operations through direct execution or signatures. The system design allows for any arbitrary code execution, deploying new scripts atomically during a Quark Operation execution or re-using deployed scripts. Additionally, we audited specific scripts, such as Ethcall, Multicall, UniswapFlashLoan, and UniswapFlashSwapExactOut.
Sommelier-14
Automated DeFi yield optimization strategies
Audit of the following additions by Sommelier: A Curve adaptor and Convex curve adaptor allowing cellars to have a curve pool and Convex Curve positions. A pricing extension to price curve 2 pools. A slippage router to allow for deposits and withdrawals with specified slippage. A withdrawal queue, allowing users to specify withdrawal conditions and for a solver to bundle and execute withdrawal orders on their behalf.
Maple Finance-1
An institutional capital network that provides the infrastructure for credit experts to run on-chain lending businesses and connects institutional lenders and borrowers.
An audit of incremental updates to Maple V2 contracts packaged into the Q4 release. These included a new FIFO queue-based withdrawal manager submodule, a new pool permission manager submodule, and additional smaller changes and improvements for the rest of the system.
Github Organization - Private Repo
Kwenta-10
A synthetic perpetuals trading platform
Kwenta made conditional orders payable with ETH, allowing deposits and withdraws of ETH used for payment. Integration with EIP7412 was also added to allow price oracles to be updated when needed via off-chain verification.
Farcaster-3
A protocol for decentralized social apps
Audit of Farcaster v3.1 contracts. Updates implement new manager pattern to simplify future migrations, and adding additional mitigations to event spamming vectors
Sommelier-12
Automated DeFi yield optimization strategies
Audited the new Aura position adaptor, Curve and Redstone pricing extensions, and small updates to the Frax adaptors.
Connext-4
A modular interoperability protocol
Audited upgrades to support an optimistic system on Spoke Connectors.
thirdWeb-15
Web3 developer tooling
Audited BurnToClaimERC721 as well as changes made to MarketplaceV3 since the previous audit.
Nori-4
Carbon removal marketplace
Finished the second part of auditing core Nori contracts such as Market, Certificate, Removal, RestrictedNORI, and library helpers
Kwenta-9
A synthetic perpetuals trading platform
Small audit to review addition of a command that allows callers to update Synthetix keeper fee.
Patchwork-1
Supercharge tokens, contracts, and addresses by layering rich blocks of interoperable, interconnected, interactive data on top of any onchain entity.
Patchwork protocol enables new onchain use cases by defining and utilising new composition capabilities for ERC721 and ERC1155 tokens. We have reviewed a contract which enforces compliance and manages token transfers with these extra capabilities, including additional access controlled functionality for enabling cross token associations. In addition we have performed review of a set of abstract contracts that are meant to be inherited and reused for implementing specific token composition behaviors in a Patchwork compliant way.
Endaoment-2
A grantmaking foundation supporting every kind of giving, built entirely onchain.
Audited an update to the Aave, Yearn, and Compound portfolios to inherit from the updated Portfolio contract.
PoolTogether-1
A decentralized prize savings protocol
Audited V5 Prize Pool and V5 TWAB Controller contracts.
Kwenta-8
A synthetic perpetuals trading platform
Audit of Kwenta's Smart Margin v3 contract, which leverages Synthetix v3's account-based architecture and offers improved tools for trading Synthetix derivatives.
Kwenta-7
A synthetic perpetuals trading platform
Audit of the V2 version of Kwenta's staking rewards and rewards escrow contracts, as well as V1 -> V2 escrow migrator contract.
Sommelier-11
Automated DeFi yield optimization strategies
Audited the addition of Frax collateral and debt adaptors, and changes to the AxelarProxy contract.
Farcaster-2
A protocol for decentralized social apps
Audit of two new features in the KeyRegistry and IdRegistry contracts.
thirdWeb-14
Web3 developer tooling
Audited the EvolvingNFT and LoyaltyPoints contracts, as well as changes to the smart contract wallet account contracts and their factories.
Farcaster-1
A protocol for decentralized social apps
Audit of Farcaster's core L1 and L2 contracts.
Mento-1
A decentralized and transparent stable value asset protocol (including stablecoins) on the Celo blockchain
Audited multiple contracts for the v2.2 Mento protocol release. Adding Oracle circuit breakers and updating the constant sum pricing module, pool manager, and a new and simpler ERC20 token implementation for stable tokens.
Sommelier-10
Automated DeFi yield optimization strategies
The CellarAdaptor was audited again with the added scope of using SavingsDai ERC4626 vault as a position, and no issues were found.
Sommelier-9
Automated DeFi yield optimization strategies
Audited the addition of the SharePriceOracle contract that uses Chainlink automation to update the share price of a cellar in order to reduce gas costs and lower share price volatility, as well as cellars that integrate this oracle.
Kwenta-6
A synthetic perpetuals trading platform
Audit of smart-margin V2.10 on the code changes from the prior audit of smart-margin V2.02, including a command that allows whitelisted token swaps to and from sUSD.
IDEX-1
DEX with leverage and gas-free trading
We audited the core smart contracts, including their exchange and governance protocols.
Connext-2
A modular interoperability protocol
Audit scope included, among other things, new connectors to support additional chains, templatized IXReceiver contracts, updates to the Optimism connector to support Bedrock, and adding initial implementation of Optimistic roots to avoid the direct use of AMBs to propagate messages to the RootManage.
Connext-3
A modular interoperability protocol
Audit of Wormhole hub and spoke connectors.
Bitcone-1
ERC20 token for the Coneheads community
We audited Bitcone's ERC20 token contract deployed on the Polygon blockchain.
thirdWeb-13
Web3 developer tooling
We audited two new contracts being deployed by thirdWeb: Dynamic Drops and Loyalty Cards.
Sommelier-8
Automated DeFi yield optimization strategies
Audited the updated PriceRouter to include pricing extensions as well as the corresponding price extensions for balancer pools and lido wsETH. Added Frax and Morpho position adapters, as well as using Axelar to bridge transaction from the sommelier chain.
Citadel-3
A fully on-chain game
We audited minor refactors, a new auth strategy for delegatecash, and improved events among other things
GitHub Organization - Private Repo
Kwenta-5
A synthetic perpetuals trading platform
Re-audited Kwenta's accounts and events functionality.
Fuji-1
A cross-chain money market aggregator optimizing lending and borrowing positions
We reviewed Fuji's full platform, including their lending, cross-chain, and permits functionality.
Tales-Of-Elleria-1
3D role-playing GameFi project
We audited their staking and bridge contracts that are used to manage staking and rewards logic.
thirdWeb-12
Web3 developer tooling
Audit of two separate features, the Smart Accounts and Open Edition ERC-721 Accounts.
Glo-1
A stablecoin supported by the Glo Foundation.
We reviewed the token contract, including access controls and core ERC-20 functionality.
Kwenta-4
A synthetic perpetuals trading platform
We audited the Kwenta smart margin accounts functionality and related contracts.
thirdWeb-11
Web3 developer tooling
We audited two separate features for thirdWeb, including PackVFR and the Extension Registry contracts.
Sommelier-7
Automated DeFi yield optimization strategies
The Cellar, Registry, CellarFactory, PriceRouter, and SwapRouter contracts were audited, as well as position adaptors integrating Aave, compound, uniswapV3, one inch and 0x.
Bueno.art-2
No-code NFT generation and deployment
Audit of Bueno.art's deployed 1155Drop contract deployed on Ethereum, as well as the clone factory contract used to deploy the 1155Drop contract.
Bueno.art-3
No-code NFT generation and deployment
We audited Bueno.art's deployed 1155Drop contract, specifically looking at the differences between solidity contracts and the deployed version on Ethereum mainnet referenced in the previous Bueno.art audit.
TreasureDAO-3
Gateway to the cross-game economy. Built for the Treasure ecosystem.
System for fractionalizing NFTs using custom Nft Vaults and providing liquidity by relying on customized UniswapV2 DEX.
Githhub Organization | Private Repo
thirdWeb-9
Web3 developer tooling
Audit of thirdWeb's Airdrop and Multichain Registry functionality.
Synthetix-1
DeFi liquidity layer
Macro audited three separate parts of the Synthetix V3 infrastructure: ERC standard tokens (20 and 721), Hardhat Router and Hardhat Storage
Synthetix-2
DeFi liquidity layer
We audited the Synthetix V3 contracts, specifically focusing on the core functionaltiy of the Synthetix V3 protocol.
Synthetix-3
DeFi liquidity layer
Re-audit of the Synthetix V3 contracts, specifically focusing on the core functionaltiy of the Synthetix V3 protocol. This was a second audit of similar functionality that was reviewed in the Synthetix-2 audit.
thirdWeb-10
Web3 developer tooling
We audited a collection of token extensions related to ERC721 tokens. This included functionality for ownership, permissions, sales, royalties, and more. We also reviewed the routing functionality for the contract.
The-Graph-1
Blockchain indexing and query protocol.
Audit of The Graph's subscription contract, which allows users to pay for their service with ETH for their services
Sommelier-5
Automated DeFi yield optimization strategies
Audited their Euler Debt and E token adapters.
Nori-2
Carbon removal marketplace
We re-audited Nori's core contracts, which are used to manage their carbon offsetting platform.
xDonations-1
A Connext project allowing NGOs to fundraise via on-chain cryptocurrency donations
Audit of the xDonations donation contract.
Arcade-2
P2P Loan Protocol for NFTs
Our review included their core protocol and market contracts.
Connext-1
A modular interoperability protocol
We audited Connext's messaging layer contracts, responsible for coordinating state updates between various Connext modules.
thirdWeb-8
Web3 developer tooling
Audit of their wallet accounts and signature drop 1155 contracts.
Double-1
A DeFi primitive for AMM liquidity providing
Audited Double core vaults, reward distribution, and UniswapV2 liquidity provider and migratory contracts
GitHub Organization - Private Repo
mStable-1
Stablecoin yield aggregator
Audit of mStable's MetaVaults, which are based on EIP-4626 vaults. We reviewed the underlying logic that allows users to deposit and withdraw assets from these vaults.
Sommelier-4
Automated DeFi yield optimization strategies
Audited the core Sommelier contracts, including the contract factory, router, staking, and 3rd party integrations.
Maker-1
Decentralized stablecoin and lending protocol
Audit of MakerDAO's dss-kiln module, which is used to manage liquidations. We reviewed its core functionality, including the mathematical logic underlying the liquidations functions.
Nori-1
Carbon removal marketplace
We audited Nori's core contracts, which are used to manage their carbon offsetting platform. This included access controls, bridging functionality and certificate minting functions.
Bueno.art-1
No-code NFT generation and deployment
Audit of Bueno.art's deployed 721Drop contract on Polygon, including their contract proxy and administrative functions.
thirdWeb-7
Web3 developer tooling
We audited three new staking contracts for thirdweb: TokenStake, a contract for staking ERC20 tokens; NFTStake, a contract for staking ERC721 NFTs; and EditionStake, a contract for staking ERC1155 tokens. Each contract supports configurable staking rewards.
Citadel-1
A fully on-chain game
We audited their main contracts, ZK ConstructionBay contract and Deployment scripts.
GitHub Organization - Private Repo
thirdWeb-6
Web3 developer tooling
Audit of Marketplace and TieredDrop contracts.
thirdWeb-5
Web3 developer tooling
Audit of their ERC20, ERC721 and ERC1155 drop contracts.
PartyDAO-1
Multiplayer crypto software
Audit of PartDAO's core contracts, which are used to manage their governance and treasury.
Kwenta-3
A synthetic perpetuals trading platform
Audit of the smart margin contracts, including the future's market and interfaces.
Sommelier-3
Automated DeFi yield optimization strategies
Macro is excited to continue its ongoing engagement with Sommelier Finance as they realize their vision of algorithmic, automated DeFi yield optimization strategies. Cellars support dynamic management and balancing across multiple asset types: ERC20s, other ERC4626s, and other Cellars – which are themselves ERC4626 vaults. They utilize governance and control mechanisms for management; Uniswap V2/V3 for asset rebalancing; and Chainlink price oracles for asset valuation.
thirdWeb-4
Web3 developer tooling
Audit of their ERC20, ERC721 and ERC1155 token contracts.
thirdWeb-3
Web3 developer tooling
We audited thirdWeb's Pack functionality and subsequent extensions and interfaces for the contract.
Kwenta-2 Mini
A synthetic perpetuals trading platform
We reviewed upcoming Kwenta feature designs to give their team confidence in the direction they were going.
SEE REPORT HERE: Due to the nature of this audit, a formal report was not created so the link above does not work.
thirdWeb-2
Web3 developer tooling
We audited three new exciting features for thirdweb: Multiwrap, a contract that allows transferring and trading of multiple assets as a single unit; DropERC1155, a contract that allows users to easily mint multiple sets of NFTs with no redeployment; and SignatureDrop, a contract that allows facilitating both drops and mints via signatures.
Useful resources for developing on Solidity, Ethereum, and the EVM.