MakerDAO Liquidations 2.0

Off-Chain (Private)
Audited on 2021/05/11
No active critical issues

Summary

Through this audit, we have uncovered 12 total issues ranging from `Medium` to `Informational` severity levels, and 1 of `Undetermined`. Overall, we found the code to be well reasoned and mostly well validated, with the exception of several authorized setter-type functions (QSP-4, QSP-6) and an external call (QSP-5). That said, we found that most of the issues arise from mis-set contract state variables. Although the risk is generally lower because these variables are modified through authorized functions, the potential damage would not be trivial. It would therefore be prudent to employ cheap and simple validation to minimize the risk further. We note that the specification delivered before the audit was comprehensive and should be held as a diamond standard for how protocols should be documented. We also note that, given the unique nomenclature of the codebase, more effort should be put into easing the minds of unfamiliar readers through more inline documentation wherever appropriate, such as specifying the units of return values and inputs.

**Reaudit Update:** The Maker team and the Quantstamp auditors had a meeting prior to the submission of the reaudit results by the former, where all the findings were discussed verbally. The Maker team made acknowledgements and gave verbal justifications for some of the findings. However, as the Maker team did not include the acknowledgement justifications in writing, we were unable to include them in the report.


Issues (12)

| | Low | Medium | High | Critical | Total |
|---|---|---|---|---|---|
| Not fixed | 8 | 2 | - | - | 10 |
| Fixed | 2 | - | - | - | 2 |
| Total | 10 | 2 | 0 | 0 | 12 |


Contracts (3)