Liquid Collective Lceth
Summary
This audit examines the daemons of the Liquid Collective project, which includes three daemons: exit, keeper, and oracle. The oracle daemon is responsible for submitting reports to synchronize the consensus layer data with the contract (execution layer). The keeper daemon assists in triggering deposits to the consensus layer and requesting exit functions in the contract. Operated by the operators, the exit daemon informs the server via webhook or API about specific validators that the operator should exit. In our review, we found the project's code to be well-structured and easy to read, with robust metrics and log collection demonstrating operational maturity. However, the testing is somewhat deficient. We encourage the team to enhance their unit and integration testing efforts. It's important to note that this audit focuses primarily on the daemons, while the protocol heavily depends on the smart contract logic, which we had limited resources to review thoroughly. For our audit, we referred to [v1.1.0 (commit `c4b6782`) of the contract code]((https://github.com/liquid-collective/liquid-collective-protocol/tree/v1.1.0) to evaluate the smart contract logic. Since the smart contract review was not within our primary scope, our assessment of how the daemons interact with the smart contracts was mainly based on an examination of the contract code comments and a cursory review of the contract code itself to verify certain logic elements. This constrained examination scope should be taken into account when considering our findings. During the audit, we identified several issues. For those directly within the scope of the daemons, most appear to be auto-recoverable, either by waiting for the next tick or by restarting the daemon. However, issues LC-1 might require more attention as both are non-transient. Additionally, we identified some risks concerning the overall design and the assumptions made in the smart contract. These are listed as undetermined issues from LC-11 to LC-14. **Fix Review Update:** The team has fixed or acknowledged all the reported issues.
