Security Audit Report for Magpie Radpie


Magpie launched Radpie, a yield optimization protocol built upon Radiant. Users could deposit their assets on Radpie to earn enhanced yields.

This audit only covers the contracts listed in the report from the code repository. The iterative audit covers the code in the initial version, as well as subsequent versions to fix discovered issues, as detailed in our audit report. During this audit, our presumption is that the dependencies from Radiant are both reliable and secure and therefore excluded from this audit scope.

Our audit methodology employs automated vulnerability scans, manual verification, and business logic analysis to uncover potential security issues coupled with gas and code quality optimization recommendations.

In summary, we have found that the codebase contains several high-risk issues that require prompt attention. In addition, we have identified other non-critical issues as well as security suggestions that should be considered. The Magpie team has addressed the discovered issues promptly. It is important to note that our audit covers only the final reported versions of the codebase. Any subsequent updates would require a re-evaluation.


In total, we find 13 potential issues in the smart contract. We also have 5 recommendations and 7 notes, as follows:

High Risk: 5
Medium Risk: 6
Low Risk: 2
Recommendation: 5
Note: 7
ID Severity Description Category Status
1 High Inconsistent address parameter Software Security Fixed
2 High Potential reverts in the _refundETH function Software Security Fixed
3 High Incorrect parameter in the _harvestDlpRewards function Software Security Fixed
4 Medium Incorrect return value of the assetPerShare function Software Security Fixed
5 Low Potential DoS risk in the claim function Software Security Confirmed
6 Low Potential overwriting on existing poolInfo Software Security Fixed
7 High Double-counting rewards DeFi Security Fixed
8 High Incorrect _onlyWhiteListed modifier DeFi Security Fixed
9 Medium Lack of duplicate checks for function arguments DeFi Security Fixed
10 Medium Incorrect fee removal logic DeFi Security Confirmed
11 Medium Lack of sanity check on total fee DeFi Security Confirmed
12 Medium Unclaimable rewards due to rewarder modification DeFi Security Fixed
13 Medium Lack of health check DeFi Security Fixed
14 - Remove unused variable Recommendation Fixed
15 - Remove redundant check in the \_sendRewards function Recommendation Fixed
16 - Prevent multiple native tokens Recommendation Fixed
17 - Prevent accidental native token transfers Recommendation Fixed
18 - Avoid incorrect assignment Recommendation Fixed
19 - The protocol will not support deflation/inflation tokens Note -
20 - Potential centralization risk Note -
21 - Periodic invocation of batchHarvestDlpRewards Note -
22 - Periodic invocation of batchHarvestEntitledRDNT Note -
23 - Ensure initial TVL in RadiantStaking pools Note -
24 - The initialization of vdToken balance Note -
25 - Periodic invocation of accrueStreamingFee Note -

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!