Fragmetric Liquid Restaking Program
Summary
Fragmetric is a decentralized liquid restaking program deployed on the Solana blockchain. Fragmetric enables users to deposit SOL or supported tokens into the protocol and receive minted receipt tokens in return. Once SOL or supported tokens are deposited into the Fragmetric fund account, user funds are staked into various restaking vaults to generate rewards. Quantstamp was tasked with a time-boxed review of Fragmetric's second iteration of their restaking contracts. Specifically, the `fund`, `normalization`, `pricing`, `staking`, `restaking`, and `swap` modules were reviewed to identify deviations from the project specification, potential vulnerabilities, and proper integrations with external protocols. All external protocols and the `reward` module were considered out of scope for this review. Due to the constrained time for this review and the large size of the codebase, the audit team could not perform a comprehensive audit of the codebase. Therefore, uncaught bugs or vulnerabilities may remain in the code. The codebase submitted for review was high-quality and included a thorough test suite with sufficient coverage metrics. However, due to the protocol's iterative development process, portions of the external documentation were outdated and differed from the reviewed code. The Fragmetric development team significantly clarified complex areas of the codebase and provided reasoning for design decisions. During the review, the audit team did not identify any critical or notable issues; however, the report lists one low-severity issue, two informational issues, and four auditor suggestions for adhering to best practices. Once all development is complete, the audit team highly recommends a comprehensive audit of the entire Fragmetric codebase. **Fix Review** The Fragmetric team has chosen to acknowledge all of the issues and auditor suggestions in this report. The commit used for the initial audit is the same as the final commit. We have determined this is acceptable because the issues are configuration-dependent and do not affect their current deployment. The issues should be taken into consideration if another team were to fork this project.
Issues (3)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 3 | - | - | - | 3 |
Fixed | - | - | - | - | 0 |
| Total | 3 | 0 | 0 | 0 | 3 |