Security Testing Report for Radiant V2


Radiant V2 is a cross-chain DeFi lending protocol developed by Radiant Capital. Radiant Capital has engaged us to perform security testing (as the red team) on the smart contracts of Radiant V2 to identify potential risks. Demonstrating their commitment to security, Radiant Capital has invested additional effort into safeguarding these smart contracts, which have already undergone audits by several security firms.

We adopted a multifaceted approach that included static analysis, dynamic analysis, semi-automatic, and manual verification to detect potential security issues. It is important to note that security testing differs from a security audit in terms of objectives and scope. Security testing specifically seeks to uncover vulnerabilities by simulating attacker behavior to breach the system, whereas a security audit provides a more comprehensive assessment of security by systematically identifying possible attack vectors. Consequently, security testing may not reveal some complex logical bugs that a security audit could identify due to time and resource constraints.

In conclusion, our findings reveal several high-risk issues within the codebase that demand immediate resolution. We have also pinpointed other less critical concerns and provided security enhancement recommendations. The Radiant team has swiftly addressed the issues we discovered. It is crucial to recognize that our evaluation pertains solely to the final reported versions of the codebase. Any changes made after our review would necessitate a new assessment.


In total, we find 17 potential issues in the smart contract. We also have 3 recommendations and 1 notes, as follows:

High Risk: 2
Medium Risk: 8
Low Risk: 7
Recommendation: 3
Note: 1
ID Severity Description Category Status
1 Medium No Reserved Interface for Resetting Function Pointers Software Security Fixed
2 Medium Improper Calculation of the Oracle DeFi Security Fixed
3 High Potential Drain of Funds through BaseBounty DeFi Security Fixed
4 Low Potential Invalid Emission Schedules DeFi Security Fixed
5 Low Skippable Emission schedules DeFi Security Confirmed
6 Medium Changeable Exchange Rate during Migration DeFi Security Fixed
7 High Improper Implementation of _transfer() (I) DeFi Security Fixed
8 Low Lack of Check on Period in UniV2TwapOracle DeFi Security Fixed
9 Medium Non-Refundable Dust Tokens DeFi Security Fixed
10 Medium Improper Implementation of _transfer() (II) DeFi Security Fixed
11 Medium Manipulatable Compound Rewards DeFi Security Fixed
12 Medium Lack of Access Control in setLeverager() DeFi Security Fixed
13 Medium No Slippage Check in addLiquidityWETHOnly() DeFi Security Confirmed
14 Low Lack of Check of borrowRatio in loopETH() DeFi Security Fixed
15 Low Lack of Check of Length between assets and poolIDs in setPoolIDs() DeFi Security Fixed
16 Low Lack of mint Privilege Revoke in addBountyContract() DeFi Security Confirmed
17 Low Minters Can Only be Assigned Once DeFi Security Confirmed
18 - Gas Optimization (zapVestingToLp() in Mfd) Recommendation Fixed
19 - Non-empty Bounty Reserve in BountyManager Recommendation Fixed
20 - Inconsistent Naming in requiredUsdValue() Recommendation Confirmed
21 - Depreciated MFDPlus Note Confirmed

More details are provided in the audit report.

Take the first step towards a secure future

Reach out now for BlockSec's expert code audit services, elevate the security of your protocol before it goes live!