Solv Protocol- Vault Guardian
Summary
In this audit, we reviewed Solv's Vault Guardian implementation. This Guard provides additional functionality to Solv's Safe multisig by limiting what functions can be invoked on what contracts as well as what tokens can be transferred or approved. These protections are enforced through Authorizations that are added to the Guard that will revert the transaction if any non-approved actions are invoked on the Safe. Currently, the Guard supports integrations with GMXV1, GMXV2, Solv Funds, Agni and Lendle. Also, they support Cobo Argus tooling which allows for roles to be created and added to the Safe. We identified 2 high severity issues during the audit that were made possible by inadequate authorization checks. Representing the Authorizations as mappings from the target address to the Authorization itself can solve both of these issues. The third high severity issue we found is due to the insufficient test suite. As the Solv developers are the individuals most knowledgeable of the code base, unit tests should be included to confirm intended functionality. Coverage is very low with tests missing for the Agni, GMXV1, Cobo Argus and Lendle Authorizations. During the fix review, we strongly encourage the team to provide an updated test suite with improved coverage and testing of all interactions with their integrations. Solv's team was very responsive and helpful throughout the audit. We would like to applaud their commitment to security. **Fix Review** The Solv team has fixed or acknowledged all issues with sufficient reasoning. SOLV-5 remains mitigated, as Safe 1.3 and Safe 1.4 do not offer support for Guard checks when transactions are invoked through a module. The Solv team is aware of this and is planning on keeping module integration disabled until Safe 1.5 release. We are also pleased to see a significant improvement to the test suite. SOLV-3 provides more details on specifics for future improvement. We applaud Solv's commitment to security.
