RariCapital V2

Off-Chain (Private)
Audited on 2020/12/14
Rekt reported

Summary

**After audit:** Quantstamp has identified several issues spanning all severity levels in the `rari-contracts` code base. Some of these issues contain sub-points which indicate that the respective issue has several instances in the code. In addition to the identified issues, one of the most concerning aspects is related to tests, namely that 1 of the tests consistently failed even after several tries and that we were not able to determine the code coverage of the test suite. However, we were able to identify a modest number of 61 assertions in the test files, which indicates that not all of the functionality is accurately tested. Moreover, we have identified 23 TODOs, which indicate tests yet to be written. It is of utmost importance for any production-ready project to have a code coverage as close as possible to 100% and a high number of assertions in order to ensure that all the functionality of the smart contracts has been tested. Finally, several deviations from best practices and code documentation issues were found during the audit. We strongly recommend that all of these issues be addressed before deploying the code on the Ethereum mainnet.

**After 1st reaudit:** Quantstamp has performed a reaudit of the existing code base and an audit of the newly added features. All of the previously identified issues were either resolved (8 issues) or acknowledged (6 issues). All tests are currently passing. Additionally, 3 new issues were identified. The new issues (from QSP-15 to QSP-17) were added at the end of the list of existing issues.

**After 2nd reaudit:** Quantstamp has performed a reaudit of the existing code base and an audit of 3 new repositories, namely `rari-yield-pool-contracts`, `rari-ethereum-pool-fund` and `rari-governance-contracts`. All of the previously identified issues were either resolved (12 issues) or acknowledged (5 issues). New issues have also been identified, which are listed at the end of the findings list, starting with QSP-18. These range across all levels of severity and should be fixed as soon as possible.

**After 3rd reaudit:** Quantstamp has performed a reaudit of all 4 repositories which were previously audited. The report has been updated accordingly. We recommend addressing all features marked as Acknowledged as soon as possible. Note that during this reaudit we only checked the fixes to the issues we had discovered in the previous commit and have not looked at newly added features.

**After 4th reaudit:** Several new issues were found as listed below (see QSP-34 to QSP-41, and extensions to the best practices and code documentation sections). Additionally, we were unable to successfully run all test suites due to various failures. We recommend expanding the documentation in the README, and in particular making explicit all variables that must be set in the `.env` file.

**After 5th reaudit:** The report has been updated for new commits: `rari-stable-pool-contracts` (`feaa246`), `rari-yield-pool-contracts` (`479a346`), `rari-ethereum-pool-contracts` (`75fb256`), `rari-governance-contracts` (`83238f7`). Previous issues have been resolved or acknowledged. Note that the updated report only pertains to fixes related to the previous report.


Issues (41)

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 21 | 2 | - | - | 23 |
| Fixed | 11 | 4 | 3 | - | 18 |
| Total | 32 | 6 | 3 | 0 | 41 |


Contracts (63)