Need an audit or want to learn more?
or
Message on Telegram
Macro Logo

Audit Works Library

A curated list of audits we have worked with in the past, presented here to the community.

DetailedSummary
Clanker-2

Clanker-2

18 issues
A smart contract system that enables ERC-20 token deployment on Base and rewards creators based on trading volume. Tokens can be deployed via Farcaster, partner APIs, or direct contract interaction.
6/13/2025
0
0
Med
Low
CQ
0
Info

SuperReturn-1

7 issues
A fork of Boring Vault with some additional functionality. We audited new decoders enabling Boring Vault to interact with the Eden, Sake, Morpho, and Across protocols. Additionally, the BoringVault contract was updated to support UUPS proxy and achieve compatibility with ERC-7802 for cross-chain bridging.
5/22/2025
0
0
Med
Low
CQ
0
Info
Level-1

Level-1

22 issues
lvlUSD is a stablecoin that is fully backed by USDC and USDT generating yield from blue-chip lending protocols.
5/1/2025
0
0
Med
Low
CQ
0
Info

Yield generating stablecoin pegged to USD. Interacts with trusted lending protocols, distributing yield to stakers. Audited the V2 contracts associated with minting and redeeming lvlUSD using multiple collaterals, and the contracts associated with interacting with lending protocols such as Aave and Morpho.

thirdWeb-22

thirdWeb-22

9 issues
Web3 developer tooling
4/25/2025
0
0
Med
Low
CQ
0
Info

We audited several contracts from thirdweb, including UniversalBridgeV1 and UniversalBridgeProxy (refactors of PaymentsGateway), MinimalAccountNew (a modular account implementation supporting EIP7702), and multiple paymaster contracts for different entrypoint versions and ZKSync⁠ chain.

Polynomial-5

Polynomial-5

2 issues
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
4/16/2025
0
High
0
Low
0
0
0

Audit of an off-chain variant to limit orders and async orders.

Polynomial-4

Polynomial-4

7 issues
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
4/16/2025
0
High
Med
Low
CQ
0
0

We reviewed the added ability to make limit orders, requiring both sides of an order to be found before executing.

Superstate-6

Superstate-6

2 issues
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
4/15/2025
0
0
0
0
CQ
0
0
Clanker-1

Clanker-1

7 issues
A smart contract system that enables ERC-20 token deployment on Base and rewards creators based on trading volume. Tokens can be deployed via Farcaster, partner APIs, or direct contract interaction.
3/18/2025
0
0
0
Low
CQ
0
Info

As part of Clanker system audit we have reviewed the onchain code utilized by the clanker agent for token deployment and LP fee distribution. In addition, the review included ClankerVault functionality for locking predefined ClankerToken portion for specific time, LP fee splits between clanker team, token creator, and deployment partner, and cross chain ClankerToken functionality based on Optimism's Superchain specification.

Towns Protocol-9

Towns Protocol-9

4 issues
An open source protocol for building decentralized real-time messaging apps.
3/17/2025
0
0
0
Low
CQ
0
0

We performed a review of Towns token functionality update, examining the implementation of Superchain integration functionality and ensuring proper universal deployment across Superchain compatible chains

SevenSeas-33

SevenSeas-33

1 issue
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
3/7/2025
0
0
Med
0
0
0
0

We reviewed the Odos protocols and its associated decoder allowing boringVault to interact with the protocol.

SevenSeas-31

SevenSeas-31

7 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
2/26/2025
0
0
Med
Low
CQ
0
0

We reviewed various protocols and their associated decoders allowing boringVault to integrate them, including Spectra, Resolv, Uniswap V4, and EulerEVK.

SevenSeas-29

SevenSeas-29

20 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
2/21/2025
0
High
Med
Low
CQ
0
0

We audited the Solana version of the Boring Vault that already launched in the EVM chains

SevenSeas-28

SevenSeas-28

2 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
2/11/2025
0
0
0
Low
0
0
0

We reviewed various protocols and their associated decoders allowing boringVault to integrate them, including UniswapV2, Royco, Dolomite, Kodiak Island, Honey, Infrared, BeraETH, and Goldilocks.

Maple Finance-4

Maple Finance-4

1 issue
An institutional capital network that provides the infrastructure for credit experts to run on-chain lending businesses and connects institutional lenders and borrowers.
2/7/2025
0
0
0
0
0
0
Info

We reviewed a new feature within the Maple Finance system which allows MapleBorrowerActions contract to be whitelisted to interact with loan contracts on behalf of all borrowers.

Superstate-5

Superstate-5

3 issues
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
1/30/2025
0
0
0
0
CQ
0
0

Review of bridge and redeem request functionality. Actual bridging and redeeming is performed offchain (out of scope).

SevenSeas-27

SevenSeas-27

1 issue
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
1/17/2025
0
0
Med
0
0
0
0

We reviewed various protocols and their associated decoders allowing boringVault to integrate them, including Symbiotic, Morpho, Teller, and Silo. Additionally, we reviewed changes to the BoringOnChainQueue that added support for withdraw capacity.

SevenSeas-26

SevenSeas-26

2 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
1/17/2025
0
0
Med
0
CQ
0
0

We reviewed various protocols and their associated decoders allowing boringVault to integrate them, including Usual Money, Sky Money, Royco, Sonic Gateway, Sonic Deposit, and Euler EVK. Additionally, we reviewed the Zeroland protocol for compatibility with the AaveeV3DecoderAndSanitizer.

Maple Finance-3

Maple Finance-3

2 issues
An institutional capital network that provides the infrastructure for credit experts to run on-chain lending businesses and connects institutional lenders and borrowers.
12/20/2024
0
0
Med
Low
0
0
0

We performed a comprehensive audit of the Maple Core protocol update, examining the implementation of three new yield-generating strategies (MapleBasicStrategy for ERC4626 vaults, MapleSkyStrategy for Sky Savings Rate via sUSDS, and MapleAaveStrategy for Aave Pool deployments).

Infinex-15

Infinex-15

3 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
12/20/2024
0
0
0
Low
CQ
Gas
0

We reviewed changes to the PatronVesting contract that added two capabilities: allowing the owner to claim on behalf of users and enabling allocation transfers from the zero address to another address.

Citrus Finance-1

Citrus Finance-1

3 issues
Multi-chain All-in-One DeFi Platform.
12/9/2024
0
0
Med
0
CQ
0
0

We reviewed Citrus's custom Safe Module that allows them to execute a configuration task across multiple chains using only a single signature.

Kodiak-3

Kodiak-3

13 issues
Berachain’s Native Liquidity Hub.
12/6/2024
0
0
Med
Low
CQ
0
Info
Infinex-14

Infinex-14

11 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
12/5/2024
0
0
Med
Low
CQ
0
Info

We reviewed several Account updates, including refactors and a new feature that allows users to transfer their tokens (native, ERC20, ERC721, and ERC1155) from their Infinex account to any specified destination address.

Derive-1

Derive-1

6 issues
A decentralized protocol that creates unique and programmable onchain options, perpetuals, and structured products.
11/27/2024
0
0
0
Low
CQ
0
Info

We audited Staked Derive Token, an adapted and simplified fork contract of Camelot's XGrail token with the addition of partial delegation

SevenSeas-23

SevenSeas-23

1 issue
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
11/27/2024
0
0
Med
0
0
0
0

Audited the AaveV3 and LombardBtc decoders, allowing boring vaults to claim rewards with AaveV3, as well as mint LBTC and swap CBBTC for LBTC.

Superstate-4

Superstate-4

12 issues
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
11/18/2024
0
High
Med
Low
CQ
0
Info

Focus of the audit was on reviewing redemption fee logic for Superstate tokens, as well as verifying logic for obtaining Superstate tokens onchain. In addition, during audit we reviewed several smaller incremental changes across Superstate system components

SevenSeas-20

SevenSeas-20

5 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
11/13/2024
0
0
0
Low
CQ
0
0

We reviewed SevenSeas's Solana program – running on Eclipse.xyz – that holds deposited tokens to bridge to Ethereum mainnet via Hyperlane.xyz.

Rekt-2

Rekt-2

2 issues
A multi-industry company that offers drinks and beverages as well as NFT and radio services.
11/6/2024
0
0
0
0
CQ
Gas
0

We audited the token distribution contract that uses a merkle tree to validate claims for users to claim owed Rekt tokens.

Superstate-3

Superstate-3

10 issues
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
11/4/2024
0
0
Med
Low
CQ
0
0

Audit scope included review of the custom real time price oracle for Superstate's tokens associated with different funds. Also we reviewed transition to upgradeable system contracts together with liquidation logic integration for Morpho project.

Kwenta-19

Kwenta-19

3 issues
A synthetic perpetuals trading platform
10/28/2024
Crit
0
Med
0
0
0
0

We audited functionality that added interacting with the new Zap contract allowing users to deposit, withdraw, unwind, and modify collateral utilizing Zap.

Infinex-12

Infinex-12

7 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
10/17/2024
0
0
0
Low
CQ
Gas
0

We reviewed the initial version of PatronVesting, which allows the owner to manage different tiers that define the conditions for users claiming their Patron NFTs.

Infinex-11

Infinex-11

17 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
10/17/2024
0
0
Med
Low
CQ
Gas
0

We reviewed RewardCampaign, which allows the owner to create campaigns where users can claim rewards based on pre-defined vesting entries.

SevenSeas-18

SevenSeas-18

1 issue
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
10/16/2024
0
High
0
0
0
0
0

We reviewed various protocols and their associated decoders allowing boringVaults to integrate them, including Bitcorn, Usual Money, Satlayer, Frax staking, and Lido bridging. Additionally a new withdrawal queue and solver was audited, allowing for anyone to solve requests and trading shares from one boring vault for another.

thirdWeb-21

thirdWeb-21

8 issues
Web3 developer tooling
10/7/2024
0
High
Med
Low
CQ
0
0

We reviewed several changes to thirdweb's modular contracts, including support for signature-based minting and maxMintPerWallet limits for claimable modules. We also reviewed the Paymaster contract, which now accommodates payment tokens with non-standard decimal places.

Kodiak-2

Kodiak-2

24 issues
Berachain’s Native Liquidity Hub.
10/1/2024
0
High
Med
Low
CQ
Gas
Info
Infinex-9

Infinex-9

2 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
9/24/2024
Crit
0
Med
0
0
0
0

PatronNFT, a ERC721A NFT contract that utilizes new batch transfer functionality to allow for cheaper transfers of consecutive token ids, allowing for distribution of multiple tokens to cost less gas.

thirdWeb-20

thirdWeb-20

12 issues
Web3 developer tooling
9/24/2024
0
0
Med
Low
CQ
0
0

We reviewed the PayGateway contract that is now supporting thirdweb’s modular architecture. Additionally, we have reviewed changes on the Royalty modules, which have been changed to support the “creator token standard."

Heroglyphs-1

Heroglyphs-1

11 issues
Keeping Ethereum decentralized and cypherpunk.
9/19/2024
0
High
Med
Low
CQ
0
0

We audited GuessOurBlock contracts, a betting game that allows users to place bets on blocks that will be validated by a Heroglyphs validator, and include this ticker in their graffiti.

Zora-1

Zora-1

5 issues
An decentralized creator-focused NFT marketplace.
9/6/2024
0
0
Med
Low
CQ
Gas
0

We audited the Zora mints functionality, allowing for purchasing mints tokens which can be used to mint NFTs in the Zora protocol at a standard rate.

Kwenta-18

Kwenta-18

13 issues
A synthetic perpetuals trading platform
9/2/2024
Crit
High
Med
Low
CQ
0
0

We audited Kwenta's reimbursement contracts, which are used to reimburse users with high trade volume over the past 30 days. The audit also involved reviewing ZK-circuits written in Go using the Brevis service.

Infinex-8

Infinex-8

2 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
8/28/2024
0
0
0
0
CQ
Gas
0

We audited the Infinex Cardrun game, a card pack opening game using Pyth Entropy randomness requests to decide the card's content.

Infinex-6

Infinex-6

8 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
8/28/2024
0
0
0
Low
CQ
0
0

We audited Infinex Patron point of purchase, App, Beacon and Vaults contracts. Allowing users to use authorized signatures to access a Patron token purchase, register the proper on-chain receipt, and manage payments.

Orange-2

Orange-2

9 issues
A protocol for building trustless, decentralized, and portable reputation for Web3.
8/23/2024
0
0
0
Low
CQ
0
0

Reviewed Orange migration contract, a pre-audited and deployed contract previously used as a bridge repurposed for their token migration. Allows users to burn old tokens by providing a valid authorized signature and claiming their new tokens.

SevenSeas-16

SevenSeas-16

4 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
8/15/2024
0
High
0
0
0
0
Info

Audited new bridging integrations and a "Drone" contract controlled by the boring vault to allow interacting with protocols with multiple addresses when necessary.

Maple Finance-2

Maple Finance-2

3 issues
An institutional capital network that provides the infrastructure for credit experts to run on-chain lending businesses and connects institutional lenders and borrowers.
8/14/2024
0
0
0
Low
CQ
0
0

We audited the protocol token migration from the MPL token to the new Syrup token as part of Maple's upgrade. This includes the Syrup Merkle tree distribution, the MPLUserActions contract that facilitates user migration to Syrup and xSyrup, and the SyrupUserActions contract that allows syrupUSDC swaps into DAI or USDC. Additionally, minor changes to the fixed and open loan terms were added.

Infinex-5

Infinex-5

10 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
8/14/2024
0
0
Med
Low
CQ
0
0

We reviewed Infinex account changes with some refactors and two feature additions: Enabling users to sync their fund's recovery address using CCQ integration and direct CCTP bridging and recovery.

Kwenta-16

Kwenta-16

10 issues
A synthetic perpetuals trading platform
8/12/2024
0
0
Med
Low
CQ
0
Info

We audited Kwenta's MarginPaymaster contract, an ERC-4337-compliant custom Paymaster contract that optimistically sponsors transactions signed by a privileged actor, attempting to recoup gas costs in USDC or SNX-V3 margin.

Kwenta-17

Kwenta-17

2 issues
A synthetic perpetuals trading platform
7/26/2024
0
0
Med
0
0
0
0

Audited the update that added the ability to reward USDC along with KWENTA tokens in their staking contract.

Polynomial-3

Polynomial-3

1 issue
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
7/26/2024
0
0
Med
0
0
0
0

Reviewed the integration of bridging functionality with SocketDotTech's bridge, allowing USDC to be bridged to the polynomial network and simultaneously allow for the creation of polynomial accounts and staking of the bridged assets.

Inverter-1

Inverter-1

47 issues
A modular protocol for Primary Issuance Markets, enabling maximal value capture from token economies.
7/19/2024
0
High
Med
Low
CQ
Gas
Info

Inverter is a protocol and a modular framework for no-code solutions on Ethereum enabling customizable and dynamic token issuance and asset flow management. We have reviewed contracts related to core modules such as orchestrator and many use case specific modules handling staking, payments, authorization and many others.

TreasureDAO-6

TreasureDAO-6

7 issues
Gateway to the cross-game economy. Built for the Treasure ecosystem.
7/15/2024
0
0
0
Low
CQ
Gas
Info

Review of improvements for MagicSwap V2 (custom UniswapV2 DEX) and of Staking Rewards implementation contract.

SevenSeas-10

SevenSeas-10

2 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
7/10/2024
0
0
0
Low
0
0
0

Added decoders allowing bridging assets from boring vaults to and from Arbritrum and Optimism chains. Additionally added ability for vaults to interact with pancake swap v3.

SevenSeas-9

SevenSeas-9

3 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
7/10/2024
0
0
Med
Low
0
0
0

Added decoders to interact with the Reserve protocol through Into the Block's specialized position manager.

Superstate-2

Superstate-2

9 issues
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
7/10/2024
0
0
Med
0
CQ
0
0

We performed a security review on the Superstate USTB repo, which mainly focused on USCC and SuperstateToken contracts, an allowlisted ERC20 token implementation with Permit and ERC-7246 encumbered balances extension.

Polynomial-2

Polynomial-2

5 issues
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
7/8/2024
0
0
Med
Low
CQ
0
0
Connext-7

Connext-7

9 issues
A modular interoperability protocol
7/3/2024
Crit
0
Med
Low
CQ
0
Info

System of contracts for providing multiple mechanisms for bridging XERC20 compatible tokens using the Arbitrum canonical bridge.

Superstate-1

Superstate-1

8 issues
Investment products that benefit from the speed, programmability, and compliance advantages of blockchain tokenization.
7/1/2024
0
0
Med
0
CQ
0
Info

We reviewed onchain redemption system relying on Chainlink price feed for exchanging USTB (Superstate token) for USDC. System features also several admin controlled configuration features.

Mintra-2

Mintra-2

20 issues
On-chain, fee-sharing, Pulsechain NFT app
6/27/2024
0
High
Med
Low
CQ
0
Info

We reviewed Mintra's ERC721 and ERC1155 collection contracts that support customization on maximum supply, time-boxed minting, fee logic, token gating, etc.

thirdWeb-19

thirdWeb-19

23 issues
Web3 developer tooling
6/27/2024
0
0
Med
Low
CQ
0
0

We reviewed Thirdweb's Modular Contracts framework, a set of core and extension contracts to support customization of minting, burning, token metadata, etc.

Infinex-4

Infinex-4

15 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
6/19/2024
0
High
Med
Low
CQ
0
0

We conducted an audit of the Curve App, focusing on the implementation of the app and its proper integration with Curve NG pools. We also reviewed changes in the management App Module in the core Infinex Account system.

Polynomial-1

Polynomial-1

5 issues
A decentralised derivative trading exchange powered by the Synthetix protocol on Optimism that allows leverage trading up to 50x.
6/17/2024
0
0
Med
Low
CQ
0
0

Reviewed this fork of Synthetix V3 with minor changes, and their cannon deployment scripts.

Cannon-1

Cannon-1

1 issue
A DevOps tool for building on Ethereum that manages protocol deployments on blockchains.
6/17/2024
0
0
0
Low
0
0
0

On-chain registry for software packages, similar to node. Users can register a package name, and give permissions to users to update packages. Usable on mainnet ethereum and optimism.

Shroom-1

Shroom-1

4 issues
Community currency token to reward user engagement in the r/MushroomPlanet subreddit
6/10/2024
0
High
0
0
CQ
0
Info

We audited the Shroom community currency token implementation, adding custom fee logic to the standard ERC-20 implementation using Thirdweb's audited contracts.

SevenSeas-8

SevenSeas-8

6 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
6/4/2024
0
0
0
Low
CQ
0
Info
Infinex-3

Infinex-3

14 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
5/24/2024
0
High
Med
0
CQ
0
Info

We reviewed Infinex's governance system, which is composed of a set of contracts used to elect council members and assign them to designated GnosisSafe wallets. Cross-chain communication is utilized to determine the voting power and propagate the elected members to different chains.

Orange-1

Orange-1

9 issues
A protocol for building trustless, decentralized, and portable reputation for Web3.
5/23/2024
0
0
Med
Low
CQ
0
Info
Compound-2

Compound-2

7 issues
Building infrastructure for the future of finance.
5/20/2024
0
0
0
Low
CQ
0
0

We audited Quark Wallets' new additions and modifications, which now support multi-Quark operations. Users can now sign multiple Quark operations or a single operation to be executed cross-chain. The new Paycall and Quotecall scripts were also audited in this round.

SevenSeas-6

SevenSeas-6

1 issue
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
5/14/2024
0
0
Med
0
0
0
0
Titan Node-1

Titan Node-1

7 issues
Livepeer Video Mining Pool providing Transcoding and Staking services.
5/13/2024
0
0
0
Low
CQ
0
0

We reviewed the Titan Node PaymentStream contract, a streamlined payment management system that enables payees to claim ERC20 tokens released linearly over time. The contract also includes safeguard mechanisms allowing for the finalization of payments if necessary.

Infinex-2

Infinex-2

3 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
5/10/2024
0
High
0
Low
CQ
0
0

We conducted an audit of Infinex's Governance Points contract and its staking mechanism to reward users of Infinex accounts across the many chains they are deployed on.

Infinex-1

Infinex-1

20 issues
A user-friendly, secure cross-chain wallet currently supporting six EVM and non-EVM blockchains, including Ethereum and Solana.
5/10/2024
Crit
High
Med
Low
CQ
0
Info

We conducted an audit of Infinex Accounts, focusing on its innovative use of a proxy beacon, upgradable architecture with multiple modules, and customizable key management system. This design empowers users to manage their accounts independently without relying on external parties. Additionally, the upgradable structure allows for seamless implementation of new features and updating configuration parameters, provided users opt in.

Kodiak-1

Kodiak-1

10 issues
Berachain’s Native Liquidity Hub.
4/24/2024
0
0
Med
Low
CQ
0
Info
Illuvium-2

Illuvium-2

5 issues
A decentralised studio building an Interoperable Blockchain game universe on Ethereum.
4/24/2024
0
0
0
0
CQ
Gas
0

We reviewed a vesting contract that rewards users with ERC20 tokens based on a defined vesting tier.

thirdWeb-17

thirdWeb-17

5 issues
Web3 developer tooling
4/23/2024
0
0
0
0
CQ
0
0

We reviewed an update on Thirdweb's smart wallet contract to support Seaport bulk orders for EIP-1271.

SevenSeas-5

SevenSeas-5

1 issue
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
4/22/2024
0
0
0
0
0
0
Info
thirdWeb-18

thirdWeb-18

12 issues
Web3 developer tooling
4/5/2024
0
0
Med
Low
CQ
Gas
0

Review of thirdweb's Airdrop contract, which encompasses push, claimable, and signature-based airdrops in a single contract. We also audited the PaymentsGateway contract, a component of thirdweb Pay. It serves as the entry point for pay transactions and handles fee management, logging, and routing the transaction to the swap provider.

Illuvium-1

Illuvium-1

5 issues
A decentralised studio building an Interoperable Blockchain game universe on Ethereum.
3/28/2024
0
0
Med
0
CQ
0
0

We reviewed an UUPS upgradable ERC-20 implementation with role-based access control and pausing capability.

SevenSeas-4

SevenSeas-4

14 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
3/20/2024
0
0
Med
Low
CQ
0
Info

Audited a new vault protocol, the Boring Vault, which is a simplistic contract itself, but is managed by a contract that requires calls to be pre-approved via a merkle tree, and the vaults share exchange rate and withdrawals are managed and handled by the protocol.

SevenSeas-2

SevenSeas-2

4 issues
A collective of seasoned professionals in blockchain, data science, and finance committed to making crypto markets more efficient and transparent.
3/15/2024
0
High
0
Low
0
0
Info

Audited a Pendle adaptor and its corresponding Pendle pricing extension, to allow cellars to interact the Pendle protocol and hold various Pendle tokens as positions, including LP, YT, PT, and SY tokens.

Mento-3

Mento-3

12 issues
A decentralized and transparent stable value asset protocol (including stablecoins) on the Celo blockchain
3/11/2024
0
High
Med
Low
CQ
0
Info

Audited an adjustment to the vote escrow curve function and adjustments to the governance contracts setup.

IDEX-B-1

IDEX-B-1

6 issues
DEX with leverage and gas-free trading
2/24/2024
0
0
Med
Low
CQ
0
0

Audit of changes made to the core protocol including margin requirement changes, support for pending deposit, a new EscrowContract has been added, support for quote token migration, and other minor refactors.

Connext-5

Connext-5

3 issues
A modular interoperability protocol
2/22/2024
0
0
0
Low
CQ
0
0

We reviewed the new Connext's connector for Scroll L2. Scope included both ScrollHubConnector and ScrollSpokeConnector contracts.

Covenant-1

Covenant-1

27 issues
Borrow and lend against any tokenized asset through liquid, tradeable debt markets.
2/21/2024
Crit
0
Med
Low
CQ
0
Info

Covenant is a decentralized, non-custodial debt market, built on perpetual debt. It is a lending protocol based on Aave architecture with interest rate calculation externalized to AMM markets for particular debt asset. Macro audited their core protocol implementation prior to their beta release.

Sommelier-16b

Sommelier-16b

17 issues
Automated DeFi yield optimization strategies
2/12/2024
0
High
Med
Low
CQ
Gas
0

Audited Sommelier's multichain contracts that allow assets to be shared between different chains using Chainlink's CCIP protocol. Additionally, we audited the Compound v3 adapter as well as the support for various staking adapters including EtherFi, KelpDAO, Lido, Renzo, Stader, Swell.

Patchwork-2

Patchwork-2

16 issues
Supercharge tokens, contracts, and addresses by layering rich blocks of interoperable, interconnected, interactive data on top of any onchain entity.
2/1/2024
0
High
Med
Low
CQ
0
0

Patchwork protocol was refactored and new functionality was added to the core system contract for managing and charging various fees related to different system operations. We have reviewed these changes and additional updates that were introduced to extract assignment functionality into a specific contract

Sommelier-16a

Sommelier-16a

12 issues
Automated DeFi yield optimization strategies
1/22/2024
0
High
Med
Low
CQ
Gas
Info

Audited the new addition to cellars to support multi-asset deposits as well as the support for MorphoBlue adapters.

Sommelier-15

Sommelier-15

1 issue
Automated DeFi yield optimization strategies
1/22/2024
0
0
Med
0
0
0
0

The ability to have a sequencer check was added to the price router to be used for cellars on layer 2 chains, preventing pricing when the sequencer is down.

Kwenta-12

Kwenta-12

2 issues
A synthetic perpetuals trading platform
1/17/2024
0
0
0
0
CQ
Gas
0

Audit of Zap, a contract that allows the feeless exchange of USDC to sUSD and vice versa via SynthetixV3 spot markets.

Kwenta-11

Kwenta-11

1 issue
A synthetic perpetuals trading platform
1/17/2024
0
0
0
0
CQ
0
0

Kwenta V3 smart margin contract was made upgradeable and implemented Zap functionality to exchange USDC to uUSD and back. The ability for USDC to be converted to sUSD and used as collateral, or have collateral be withdrawn and converted to USDC was added.

Mintra-1

Mintra-1

12 issues
On-chain, fee-sharing, Pulsechain NFT app
1/15/2024
0
0
0
0
CQ
Gas
0

Audit of Mintra’s marketplace contract, a fork of Thirdweb's direct listing marketplace, with changes being made to permissions, royalty logic, and support for bulk buy.

Mento-2

Mento-2

11 issues
A decentralized and transparent stable value asset protocol (including stablecoins) on the Celo blockchain
1/9/2024
0
0
0
Low
CQ
Gas
0

Audited Mento's new governance contracts using vote escrowed mento tokens to vote, as well as a immutable factory to deploy and setup relevant contracts.

Compound-1

Compound-1

16 issues
Building infrastructure for the future of finance.
1/1/2024
0
High
Med
Low
CQ
Gas
0

We audited Compound Quark Wallet, a flexible, trustless, custom smart contract account that allows entitled users to execute Quark Operations through direct execution or signatures. The system design allows for any arbitrary code execution, deploying new scripts atomically during a Quark Operation execution or re-using deployed scripts. Additionally, we audited specific scripts, such as Ethcall, Multicall, UniswapFlashLoan, and UniswapFlashSwapExactOut.

Sommelier-14

Sommelier-14

16 issues
Automated DeFi yield optimization strategies
12/15/2023
0
High
Med
Low
CQ
Gas
Info

Audit of the following additions by Sommelier: A Curve adaptor and Convex curve adaptor allowing cellars to have a curve pool and Convex Curve positions. A pricing extension to price curve 2 pools. A slippage router to allow for deposits and withdrawals with specified slippage. A withdrawal queue, allowing users to specify withdrawal conditions and for a solver to bundle and execute withdrawal orders on their behalf.

Maple Finance-1

Maple Finance-1

18 issues
An institutional capital network that provides the infrastructure for credit experts to run on-chain lending businesses and connects institutional lenders and borrowers.
12/15/2023
0
0
Med
Low
CQ
0
Info

An audit of incremental updates to Maple V2 contracts packaged into the Q4 release. These included a new FIFO queue-based withdrawal manager submodule, a new pool permission manager submodule, and additional smaller changes and improvements for the rest of the system.

Kwenta-10

Kwenta-10

4 issues
A synthetic perpetuals trading platform
12/6/2023
0
0
Med
Low
CQ
0
Info

Kwenta made conditional orders payable with ETH, allowing deposits and withdraws of ETH used for payment. Integration with EIP7412 was also added to allow price oracles to be updated when needed via off-chain verification.

Farcaster-3

Farcaster-3

12 issues
A protocol for decentralized social apps
11/2/2023
0
0
0
Low
CQ
Gas
0

Audit of Farcaster v3.1 contracts. Updates implement new manager pattern to simplify future migrations, and adding additional mitigations to event spamming vectors

Sommelier-12

Sommelier-12

4 issues
Automated DeFi yield optimization strategies
10/27/2023
0
0
Med
Low
0
0
0

Audited the new Aura position adaptor, Curve and Redstone pricing extensions, and small updates to the Frax adaptors.

Connext-4

Connext-4

6 issues
A modular interoperability protocol
10/18/2023
0
0
0
Low
CQ
0
Info

Audited upgrades to support an optimistic system on Spoke Connectors.

thirdWeb-15

thirdWeb-15

17 issues
Web3 developer tooling
10/6/2023
0
0
Med
Low
CQ
Gas
0

Audited BurnToClaimERC721 as well as changes made to MarketplaceV3 since the previous audit.

Nori-4

Nori-4

6 issues
Carbon removal marketplace
10/2/2023
0
0
Med
0
CQ
Gas
0

Finished the second part of auditing core Nori contracts such as Market, Certificate, Removal, RestrictedNORI, and library helpers

Kwenta-9

Kwenta-9

3 issues
A synthetic perpetuals trading platform
9/29/2023
0
0
0
0
CQ
Gas
0

Small audit to review addition of a command that allows callers to update Synthetix keeper fee.

Patchwork-1

Patchwork-1

19 issues
Supercharge tokens, contracts, and addresses by layering rich blocks of interoperable, interconnected, interactive data on top of any onchain entity.
9/27/2023
0
High
Med
Low
CQ
0
0

Patchwork protocol enables new onchain use cases by defining and utilising new composition capabilities for ERC721 and ERC1155 tokens. We have reviewed a contract which enforces compliance and manages token transfers with these extra capabilities, including additional access controlled functionality for enabling cross token associations. In addition we have performed review of a set of abstract contracts that are meant to be inherited and reused for implementing specific token composition behaviors in a Patchwork compliant way.

Endaoment-2

Endaoment-2

8 issues
A grantmaking foundation supporting every kind of giving, built entirely onchain.
9/22/2023
0
0
0
Low
CQ
Gas
0

Audited an update to the Aave, Yearn, and Compound portfolios to inherit from the updated Portfolio contract.

PoolTogether-1

PoolTogether-1

39 issues
A decentralized prize savings protocol
9/19/2023
Crit
High
Med
Low
CQ
Gas
Info

Audited V5 Prize Pool and V5 TWAB Controller contracts.

Kwenta-8

Kwenta-8

11 issues
A synthetic perpetuals trading platform
9/19/2023
0
High
Med
Low
CQ
Gas
Info

Audit of Kwenta's Smart Margin v3 contract, which leverages Synthetix v3's account-based architecture and offers improved tools for trading Synthetix derivatives.

Kwenta-7

Kwenta-7

11 issues
A synthetic perpetuals trading platform
9/19/2023
0
0
Med
Low
CQ
Gas
0

Audit of the V2 version of Kwenta's staking rewards and rewards escrow contracts, as well as V1 -> V2 escrow migrator contract.

Sommelier-11

Sommelier-11

8 issues
Automated DeFi yield optimization strategies
8/30/2023
0
0
Med
Low
CQ
Gas
0

Audited the addition of Frax collateral and debt adaptors, and changes to the AxelarProxy contract.

Farcaster-2

Farcaster-2

1 issue
A protocol for decentralized social apps
8/29/2023
0
0
0
0
CQ
0
0

Audit of two new features in the KeyRegistry and IdRegistry contracts.

thirdWeb-14

thirdWeb-14

22 issues
Web3 developer tooling
8/21/2023
Crit
High
Med
Low
CQ
Gas
0

Audited the EvolvingNFT and LoyaltyPoints contracts, as well as changes to the smart contract wallet account contracts and their factories.

Farcaster-1

Farcaster-1

17 issues
A protocol for decentralized social apps
8/18/2023
0
0
Med
Low
CQ
0
0

Audit of Farcaster's core L1 and L2 contracts.

Mento-1

Mento-1

14 issues
A decentralized and transparent stable value asset protocol (including stablecoins) on the Celo blockchain
8/17/2023
0
High
Med
Low
CQ
0
0

Audited multiple contracts for the v2.2 Mento protocol release. Adding Oracle circuit breakers and updating the constant sum pricing module, pool manager, and a new and simpler ERC20 token implementation for stable tokens.

Sommelier-9

Sommelier-9

11 issues
Automated DeFi yield optimization strategies
8/4/2023
0
High
Med
Low
CQ
0
Info

Audited the addition of the SharePriceOracle contract that uses Chainlink automation to update the share price of a cellar in order to reduce gas costs and lower share price volatility, as well as cellars that integrate this oracle.

Kwenta-6

Kwenta-6

5 issues
A synthetic perpetuals trading platform
7/21/2023
0
0
0
0
CQ
Gas
Info

Audit of smart-margin V2.10 on the code changes from the prior audit of smart-margin V2.02, including a command that allows whitelisted token swaps to and from sUSD.

IDEX-1

IDEX-1

19 issues
DEX with leverage and gas-free trading
7/21/2023
0
0
Med
Low
CQ
0
Info

We audited the core smart contracts, including their exchange and governance protocols.

Connext-2

Connext-2

37 issues
A modular interoperability protocol
7/12/2023
0
High
Med
Low
CQ
0
Info

Audit scope included, among other things, new connectors to support additional chains, templatized IXReceiver contracts, updates to the Optimism connector to support Bedrock, and adding initial implementation of Optimistic roots to avoid the direct use of AMBs to propagate messages to the RootManage.

Connext-3

Connext-3

4 issues
A modular interoperability protocol
7/6/2023
0
0
0
0
CQ
0
0

Audit of Wormhole hub and spoke connectors.

Bitcone-1

Bitcone-1

3 issues
ERC20 token for the Coneheads community
7/6/2023
0
0
0
0
0
0
Info

We audited Bitcone's ERC20 token contract deployed on the Polygon blockchain.

thirdWeb-13

thirdWeb-13

8 issues
Web3 developer tooling
6/30/2023
0
High
Med
0
CQ
0
Info

We audited two new contracts being deployed by thirdWeb: Dynamic Drops and Loyalty Cards.

Sommelier-8

Sommelier-8

17 issues
Automated DeFi yield optimization strategies
6/28/2023
0
0
Med
Low
CQ
Gas
Info

Audited the updated PriceRouter to include pricing extensions as well as the corresponding price extensions for balancer pools and lido wsETH. Added Frax and Morpho position adapters, as well as using Axelar to bridge transaction from the sommelier chain.

Citadel-3

Citadel-3

8 issues
A fully on-chain game
6/26/2023
0
0
0
Low
CQ
Gas
0

We audited minor refactors, a new auth strategy for delegatecash, and improved events among other things

Kwenta-5

Kwenta-5

4 issues
A synthetic perpetuals trading platform
6/22/2023
0
0
0
0
CQ
0
Info

Re-audited Kwenta's accounts and events functionality.

Fuji-1

Fuji-1

49 issues
A cross-chain money market aggregator optimizing lending and borrowing positions
6/21/2023
Crit
High
Med
Low
CQ
Gas
Info

We reviewed Fuji's full platform, including their lending, cross-chain, and permits functionality.

Tales-Of-Elleria-1

Tales-Of-Elleria-1

18 issues
3D role-playing GameFi project
6/19/2023
0
High
Med
Low
CQ
Gas
0

We audited their staking and bridge contracts that are used to manage staking and rewards logic.

thirdWeb-12

thirdWeb-12

15 issues
Web3 developer tooling
6/15/2023
0
High
Med
Low
CQ
Gas
0

Audit of two separate features, the Smart Accounts and Open Edition ERC-721 Accounts.

Glo-1

Glo-1

4 issues
A stablecoin supported by the Glo Foundation.
5/25/2023
0
0
0
Low
CQ
Gas
0

We reviewed the token contract, including access controls and core ERC-20 functionality.

Kwenta-4

Kwenta-4

17 issues
A synthetic perpetuals trading platform
5/4/2023
0
0
Med
Low
CQ
Gas
0

We audited the Kwenta smart margin accounts functionality and related contracts.

thirdWeb-11

thirdWeb-11

8 issues
Web3 developer tooling
4/24/2023
0
0
Med
0
CQ
Gas
0

We audited two separate features for thirdWeb, including PackVFR and the Extension Registry contracts.

Sommelier-7

Sommelier-7

7 issues
Automated DeFi yield optimization strategies
4/4/2023
Crit
High
Med
0
CQ
0
Info

The Cellar, Registry, CellarFactory, PriceRouter, and SwapRouter contracts were audited, as well as position adaptors integrating Aave, compound, uniswapV3, one inch and 0x.

Bueno.art-2

Bueno.art-2

16 issues
No-code NFT generation and deployment
3/31/2023
Crit
High
Med
Low
CQ
Gas
Info

Audit of Bueno.art's deployed 1155Drop contract deployed on Ethereum, as well as the clone factory contract used to deploy the 1155Drop contract.

Bueno.art-3

Bueno.art-3

5 issues
No-code NFT generation and deployment
3/31/2023
0
0
0
Low
CQ
0
0

We audited Bueno.art's deployed 1155Drop contract, specifically looking at the differences between solidity contracts and the deployed version on Ethereum mainnet referenced in the previous Bueno.art audit.

TreasureDAO-3

TreasureDAO-3

32 issues
Gateway to the cross-game economy. Built for the Treasure ecosystem.
3/27/2023
0
High
Med
Low
CQ
0
0

System for fractionalizing NFTs using custom Nft Vaults and providing liquidity by relying on customized UniswapV2 DEX.

thirdWeb-9

thirdWeb-9

13 issues
Web3 developer tooling
3/13/2023
0
High
Med
Low
CQ
Gas
0

Audit of thirdWeb's Airdrop and Multichain Registry functionality.

Synthetix-1

Synthetix-1

13 issues
DeFi liquidity layer
3/2/2023
0
High
Med
0
CQ
Gas
0

Macro audited three separate parts of the Synthetix V3 infrastructure: ERC standard tokens (20 and 721), Hardhat Router and Hardhat Storage

Synthetix-2

Synthetix-2

5 issues
DeFi liquidity layer
3/2/2023
0
High
0
0
CQ
0
0

We audited the Synthetix V3 contracts, specifically focusing on the core functionaltiy of the Synthetix V3 protocol.

Synthetix-3

Synthetix-3

13 issues
DeFi liquidity layer
3/2/2023
0
High
Med
Low
CQ
0
Info

Re-audit of the Synthetix V3 contracts, specifically focusing on the core functionaltiy of the Synthetix V3 protocol. This was a second audit of similar functionality that was reviewed in the Synthetix-2 audit.

thirdWeb-10

thirdWeb-10

9 issues
Web3 developer tooling
3/1/2023
0
High
Med
Low
CQ
Gas
Info

We audited a collection of token extensions related to ERC721 tokens. This included functionality for ownership, permissions, sales, royalties, and more. We also reviewed the routing functionality for the contract.

The-Graph-1

The-Graph-1

16 issues
Blockchain indexing and query protocol.
2/24/2023
0
High
Med
Low
CQ
Gas
Info

Audit of The Graph's subscription contract, which allows users to pay for their service with ETH for their services

Sommelier-5

Sommelier-5

4 issues
Automated DeFi yield optimization strategies
2/20/2023
0
High
0
0
CQ
0
0

Audited their Euler Debt and E token adapters.

Nori-2

Nori-2

8 issues
Carbon removal marketplace
2/14/2023
0
0
Med
Low
CQ
0
Info

We re-audited Nori's core contracts, which are used to manage their carbon offsetting platform.

xDonations-1

xDonations-1

6 issues
A Connext project allowing NGOs to fundraise via on-chain cryptocurrency donations
2/10/2023
0
High
0
Low
CQ
Gas
Info

Audit of the xDonations donation contract.

Arcade-2

Arcade-2

25 issues
P2P Loan Protocol for NFTs
2/6/2023
Crit
High
Med
Low
CQ
Gas
Info

Our review included their core protocol and market contracts.

Connext-1

Connext-1

28 issues
A modular interoperability protocol
1/31/2023
Crit
High
Med
Low
CQ
Gas
0

We audited Connext's messaging layer contracts, responsible for coordinating state updates between various Connext modules.

thirdWeb-8

thirdWeb-8

8 issues
Web3 developer tooling
1/30/2023
Crit
High
Med
Low
CQ
0
0

Audit of their wallet accounts and signature drop 1155 contracts.

Double-1

Double-1

12 issues
A DeFi primitive for AMM liquidity providing
1/20/2023
0
High
Med
Low
CQ
Gas
Info

Audited Double core vaults, reward distribution, and UniswapV2 liquidity provider and migratory contracts

mStable-1

mStable-1

17 issues
Stablecoin yield aggregator
1/11/2023
0
High
Med
Low
CQ
Gas
Info

Audit of mStable's MetaVaults, which are based on EIP-4626 vaults. We reviewed the underlying logic that allows users to deposit and withdraw assets from these vaults.

Sommelier-4

Sommelier-4

22 issues
Automated DeFi yield optimization strategies
1/11/2023
0
High
Med
Low
CQ
0
0

Audited the core Sommelier contracts, including the contract factory, router, staking, and 3rd party integrations.

Maker-1

Maker-1

15 issues
Decentralized stablecoin and lending protocol
12/22/2022
0
0
Med
Low
CQ
0
Info

Audit of MakerDAO's dss-kiln module, which is used to manage liquidations. We reviewed its core functionality, including the mathematical logic underlying the liquidations functions.

Nori-1

Nori-1

27 issues
Carbon removal marketplace
12/13/2022
0
High
Med
Low
CQ
Gas
0

We audited Nori's core contracts, which are used to manage their carbon offsetting platform. This included access controls, bridging functionality and certificate minting functions.

Bueno.art-1

Bueno.art-1

17 issues
No-code NFT generation and deployment
12/8/2022
0
High
Med
Low
CQ
Gas
0

Audit of Bueno.art's deployed 721Drop contract on Polygon, including their contract proxy and administrative functions.

thirdWeb-7

thirdWeb-7

18 issues
Web3 developer tooling
12/7/2022
Crit
High
Med
Low
CQ
Gas
0

We audited three new staking contracts for thirdweb: TokenStake, a contract for staking ERC20 tokens; NFTStake, a contract for staking ERC721 NFTs; and EditionStake, a contract for staking ERC1155 tokens. Each contract supports configurable staking rewards.

Citadel-1

Citadel-1

74 issues
A fully on-chain game
12/2/2022
Crit
High
Med
Low
CQ
Gas
Info

We audited their main contracts, ZK ConstructionBay contract and Deployment scripts.

thirdWeb-6

thirdWeb-6

15 issues
Web3 developer tooling
11/17/2022
Crit
High
Med
Low
CQ
Gas
0

Audit of Marketplace and TieredDrop contracts.

thirdWeb-5

thirdWeb-5

3 issues
Web3 developer tooling
11/11/2022
0
0
Med
0
CQ
0
0

Audit of their ERC20, ERC721 and ERC1155 drop contracts.

PartyDAO-1

PartyDAO-1

16 issues
Multiplayer crypto software
10/31/2022
0
High
Med
Low
CQ
Gas
Info

Audit of PartDAO's core contracts, which are used to manage their governance and treasury.

Kwenta-3

Kwenta-3

8 issues
A synthetic perpetuals trading platform
10/19/2022
0
High
Med
Low
CQ
Gas
0

Audit of the smart margin contracts, including the future's market and interfaces.

Sommelier-3

Sommelier-3

37 issues
Automated DeFi yield optimization strategies
10/7/2022
0
High
Med
Low
CQ
0
Info

Macro is excited to continue its ongoing engagement with Sommelier Finance as they realize their vision of algorithmic, automated DeFi yield optimization strategies. Cellars support dynamic management and balancing across multiple asset types: ERC20s, other ERC4626s, and other Cellars – which are themselves ERC4626 vaults. They utilize governance and control mechanisms for management; Uniswap V2/V3 for asset rebalancing; and Chainlink price oracles for asset valuation.

thirdWeb-4

thirdWeb-4

12 issues
Web3 developer tooling
9/29/2022
Crit
0
Med
Low
CQ
Gas
Info

Audit of their ERC20, ERC721 and ERC1155 token contracts.

thirdWeb-3

thirdWeb-3

17 issues
Web3 developer tooling
8/19/2022
0
High
Med
Low
CQ
0
Info

We audited thirdWeb's Pack functionality and subsequent extensions and interfaces for the contract.

thirdWeb-2

thirdWeb-2

19 issues
Web3 developer tooling
6/17/2022
0
High
0
Low
CQ
Gas
0

We audited three new exciting features for thirdweb: Multiwrap, a contract that allows transferring and trading of multiple assets as a single unit; DropERC1155, a contract that allows users to easily mint multiple sets of NFTs with no redeployment; and SignatureDrop, a contract that allows facilitating both drops and mints via signatures.