background
logo

Security Audit Report for Alpaca Delta Neutral Vault

DESCRIPTION

The Alpaca Finance is a leveraged yield farming and liquidity providing protocol running on Binance Smart Chain (BSC) and Fantom. The audited implementation extends the previous version by adding the support of a new Delta Neutral Vault and its associated workers, including the workers that support MDEX and PancakeSwap. Note the Delta Neutral Vault is designed to take a long and short position in an asset at the same time to cancel out the effect on the outstanding portfolio when the asset’s price moves.

The core contracts covered in this audit include the contracts for the Delta Neutral Vault implementation in the code repository. The iterative audit covers the code in the initial version, as well as subsequent versions to fix discovered issues, as detailed in our audit report. Please note that external dependencies are assumed reliable and are therefore excluded from the audit scope.

Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations.

In summary, we have found that the codebase contains several high-risk issues that require prompt attention. In addition, we have identified other non-critical issues as well as security suggestions that should be considered. The Alpaca Finance team has addressed these issues promptly. It is important to note that our audit covers only the final reported versions of the codebase. Any subsequent updates would require a re-evaluation.

KEY FINDINGS

In total, we find 7 potential issues in the smart contract. We also have 3 recommendations and 0 notes, as follows:

High Risk: 1
Medium Risk: 2
Low Risk: 4
Recommendation: 3
Note: 0
ID Severity Description Category Status
1 Medium Potential Precision Loss Software Security Fixed
2 Low Unreturned Values Software Security Fixed
3 Low Unchecked Initialization Parameters Software Security Fixed
4 High Unlimited Withdraw Value DeFi Security Fixed
5 Low Potential Locking of Native Tokens DeFi Security Fixed
6 Medium Unchecked Price DeFi Security Fixed
7 Low Potential Locked Tokens DeFi Security Acknowledged
8 - Avoiding Duplicated Calculations Recommendation Fixed
9 - Avoiding Inconsistency Checks in the Worker Contracts Recommendation Fixed
10 - Considering the Impact of Transaction Ordering Dependency Recommendation Acknowledged

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!