MetaVault V2
Summary
**After first audit:** Quantstamp has performed a security review of the yAxis Metavault V2. During this review we have not uncovered any high severity vulnerabilities. We have detected 15 vulnerabilities of Medium and lower severity levels, as well as 6 best practice issues, missing tests and code comments. It is recommended to address these issues before deploying the system in production. <br><br> **After reaudit:** The report has been updated based on the fixes performed in commit `d742367`. Even though the summary below indicates that most items have been Acknowledged, we note that this is mainly due to the issues found in the `yAxisMetavault` contract. Most of the issues found in other contracts have been resolved as indicated in the sub-items of each of the detailed finding descriptions on the following pages of this report. For those findings which were partially fixed, we have indicated the status per sub-item in the enumeration. We have also indicated "Updates from the dev team" for each finding under the "Recommendation". Best practice issues, missing tests and code comment issues have not been resolved. <br><br> **Note:** Only the files listed in the Appendix of this audit report were in scope for the audit and the reaudit. The following files were out of scope and were not audited: 1. `contracts/metavault/strategies/StrategyFlamIncome.sol` 2. `contracts/metavault/strategies/StrategyGenericVault.sol` 3. `contracts/metavault/strategies/StrategyIdle.sol` 4. `contracts/metavault/strategies/StrategyYearnV2.sol ` 5. `contracts/metavault/strategies/StrategydYdXSoloMargin.
Issues (16)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 11 | 2 | 1 | - | 14 |
Fixed | 2 | - | - | - | 2 |
| Total | 13 | 2 | 1 | 0 | 16 |