Scope of the security audit of mStable's new Meta Vaults by Hacken, September 2022.
All code is in the metavaults private repository with tag v0.0.1.
All contract are under the contracts folder.
- interfaces contract interfaces.
- peripheral
- Convex are just interfaces.
- CowSwap interface and CowSwapSeller contract.
- Curve are interfaces, libraries and contracts.
- OneInch are just interfaces.
- token all in scope.
- vault all in scope.
Any contracts in the following are out of scope as they have previously been audited or are just used for testing.
- governance all out of scope as perviously audited.
- nexus all out of scope as perviously audited.
- upgradability all out of scope as perviously audited.
- z_mocks are just used for unit testing.
- OpenZeppelin is used for ERC20 tokens, access control, initialization, reentry protection, proxies, casting and math operations.
- Curve Finance
- Convex Finance
- Cowswap may be used for swapping Convex reward tokens (CRV and CVX) to DAI, USDC or USDT.
- 1Inch's Aggregation Protocol may be used for swapping Convex reward tokens (CRV and CVX) to DAI, USDC or USDT.