LiquiFi

Off-Chain (Private)

Audited on 2022/02/24

No active critical issues

Summary

**After initial audit:** Quantstamp has performed an audit of the LiquiFi repository. Overall the code base is relatively small and makes use of a lot of OpenZeppelin libraries, that were not part of the audit. While there is some documentation present, it is fairly basic and still contains some `TODO` items. Additionally, there is no specification, which made it hard to tell whether a lack of some features is intended or not. The audit resulted in a total of 21 findings and an additional 11 best practice violations, described below. We confirm that none of the tests are failing when executed on our end. We recommend that all issues reported in this document be addressed. **After reaudit:** Quantstamp has checked the commit hash `356cd6d` and has determined that 20 issues have been resolved (that is either fixed or mitigated) and 1 issue has been acknowledged by the LiquiFi team. More details regarding each of the issues are provided in the update messages below each issue recommendation.

Project

LiquiFi

Ethereum

Issues (21)

	Low	Medium	High	Critical	Total
Not fixed	2	1	-	-	3
Fixed	15	1	2	-	18
Total	17	2	2	0	21

Contracts (8)

#	File Name
1	contracts/modules/BaseModule.sol
2	contracts/employee/EmployeeRegistry.sol
3	contracts/modules/LinearModule.sol
4	contracts/vesting/Vesting.sol
5	contracts/modules/CliffModule.sol
6	contracts/escrow/Escrow.sol
7	contracts/lib/Utils.sol
8	contracts/modules/StreamModule.sol

#	File Name
1	contracts/modules/BaseModule.sol
2	contracts/employee/EmployeeRegistry.sol
3	contracts/modules/LinearModule.sol
4	contracts/vesting/Vesting.sol
5	contracts/modules/CliffModule.sol
6	contracts/escrow/Escrow.sol
7	contracts/lib/Utils.sol
8	contracts/modules/StreamModule.sol

LiquiFi

Summary

Issues (21)

Privileged Roles and Ownershipnot_fixed/medium

`createVestPlan` Missing Input Validationnot_fixed/low

Events Not Emitted on State Changenot_fixed/low

Contracts (8)