Venus Income Allocation
Summary
This audit covered an upgrade to the Venus Protocol that is responsible for distributing the incomes generated by the protocol. Venus Protocol is a DeFi protocol deployed on the BNB chain, which combines stablecoin minting and algorithmic money markets. To achieve this goal, changes had to be made across multiple contracts and introduce new accumulator contracts along with a control flow upgrade to an immutable contract. The following changes were covered in this audit: 1. Upgrades have been made to VToken contracts for the core and isolated pools, where the income from spread and liquidations is now sent to the Protocol Share Reserve contract. 2. The VBNBAdmin contract has been introduced to handle BNB income, wrap it, and send it to the Protocol Share Reserve contract. 3. The Protocol Share Reserve contract has been introduced to receive this income from multiple sources and distribute it based on certain upgradable ratios. Overall, the code is well written and has good documentation. The test coverage varies along with the test suite between different parts of the project. The main concerns highlighted in this report are based on potential Denial of Service due to function invocation of arbitrary addresses, see VEN-2, VEN-5, and VEN-12; non-standard tokens leading to accountancy issues, see VEN-1 and other individual low concerns mainly across the newly developed contracts. The audit team has strictly covered the files that are in the Scope section and any other files or system was not in the scope of this audit. It is highly recommended for the Venus team to address all the issues highlighted in this report. **Fix Review Update** Venus protocol team has either fixed or acknowledged all the issues highlighted in the report.
