Ajna Finance (Governance)
Summary
**Fix review update:** The Ajna Finance team provided a new commit containing fixes for the issues found. All the issues were addressed. The Extraordinary Funding Method was removed from the project, solving some of the initial issues found. Regarding AJN-4, it was acknowledged by the team. We still recommend including a warning for users in the documentation, as proposals containing a large amount of target addresses could fail due to running out of gas. The funds allocated for those failing proposals will be blocked. **Initial audit:** Quantstamp audited Ajna Finance's governance smart contracts. Ajna Finance is marketed as a non-custodial, peer-to-peer, permissionless lending, borrowing, and trading system that requires no governance or external price feeds to function. Ajna Finance coordinates ecosystem growth in a decentralized voting system, where a fixed percentage of the treasury funds will be distributed in proposals submitted by the community in quarterly periods. We have identified scenarios where the quarterly reserved funds can be locked in the smart contract (e.g. if a proposal execution fails or the rewards are not fully distributed). As per our classification, this would normally rank as "Medium" in severity, but given that blocked funds can be confusing for users, and the impact may be greater if the token price increases, we are increasing the severity to "High" (AJN-1, AJN-2, AJN-3). All issues and design recommendations are discussed in the *Findings* section of this document. Following that, recommendations about documentation and best practices are discussed. We strongly recommend addressing all the issues before deployment. Regarding testing, all tests passed, and the project implements code coverage metrics, reaching a good coverage percentage (`93.33%` branch coverage). We recommend reaching `100%` in `StandardFunding.sol`. Although code coverage is high, some issues found show that some corner cases are not tested (AJN-1, AJN-2, AJN-3). We recommend covering these scenarios and defining their expected behavior, even if the likelihood is low. The documentation quality is high. The Ajna Finance team provided a whitepaper describing the full protocol, including the grant system, as well as a master specification document with more technical details. Voting code follows good code patterns and it is implemented as described in the specification. However, the auditing team found some discrepancies between these documents and the codebase (Extraordinary Funding). We ask the Ajna Finance team to fix these inconsistencies in AJN-12 adding more detail to the related sections of the documentation.
Issues (13)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 2 | - | - | - | 2 |
Fixed | 8 | - | 3 | - | 11 |
| Total | 10 | 0 | 3 | 0 | 13 |