Levva Protocol

Summary

**Note:** Since the audit, the client rebranded "Marginly" to "Levva", hence the report refers to the protocol as "Marginly". Marginly is a margin trading and derivatives platform that allows users to provide liquidity to the protocol while gaining interest, deposit collateral, open long/short positions, and liquidate unhealthy positions to ensure overall system health. The audit team found five high-severity and three medium-severity issues that indicate that the system is not functioning as intended. For example, user and protocol funds are at risk due to inadequate slippage protection that makes swaps susceptible to sandwich attacks. Most of the issues found revolve around the complexity and novel design for calculating user/protocol collateral and debt. This is exacerbated due to a lack of in-depth technical documentation regarding these mechanisms. It is highly recommended to improve documentation to explain the functionality of all protocol mechanisms clearly. Regarding the project quality, the code is well-written, and test coverage is moderate. The auditors followed a best-effort approach to identify potential combinations of inputs and outputs that could lead to unexpected behavior. Our team frequently interacted with the Marginly team to clarify code and expected behavior. Their active engagement in answering our questions was crucial and greatly assisted in completing the audit. We strongly recommend that the client address and consider all the findings in this report. <br> **Update (First Fix Review)**: Most findings and best practices have been addressed for the fix review, which has been provided under commit hash [422e7398d4d82ae63c973f49952589c1f2a81fc3](https://github.com/eq-lab/marginly/commit/422e7398d4d82ae63c973f49952589c1f2a81fc3). However, the provided fix for issue `MAR-2` does not properly handle the case where unhealthy positions are present during an emergency shutdown. Therefore, if this were to be the case, users could withdraw more tokens than they are entitled to. <br> **Update (Second Fix Review)**: The Marginly team has now fixed, mitigated, or sufficiently acknowledged all issues within the report, which has been provided under commit hash [2e69e9a9bdfa05199e03cb75a493730b98a0f048](https://github.com/eq-lab/marginly/commit/2e69e9a9bdfa05199e03cb75a493730b98a0f048).