Illuvium Yield Farming Rewards
Summary
**After the first audit:** Quantstamp has performed a security audit of the Illuvium yield farming contracts (note that the other contracts in the repositories were not in scope). Several findings indicated below have been identified ranging from High to Undetermined severity levels. Additionally, we have identified issues in the specification, code comments and deviations from best practices. Moreover, we have encountered several failing tests when executing the existing test suite. The errors we encountered are included in this report. We recommend fixing all issues before deploying the code in production. <br><br> **After the reaudit:** We have performed a reaudit, which involved checking the fixes performed by the Illuvium team to address the issues found during the first audit. This report has been updated based on commit hash `98697c5`. <br><br> **Contracts that were in the scope of this audit:** * [IlluviumCorePool.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/68297e2fda9090586ca2980d01c2a23642833b65/contracts/pools/IlluviumCorePool.sol) * [IlluviumFlashPool.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/68297e2fda9090586ca2980d01c2a23642833b65/contracts/pools/IlluviumFlashPool.sol) * [IlluviumLockedPool.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/68297e2fda9090586ca2980d01c2a23642833b65/contracts/pools/IlluviumLockedPool.sol) * [IlluviumPoolBase.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/68297e2fda9090586ca2980d01c2a23642833b65/contracts/pools/IlluviumPoolBase.sol) * [IlluviumPoolFactory.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/68297e2fda9090586ca2980d01c2a23642833b65/contracts/pools/IlluviumPoolFactory.sol) * [IlluviumVault.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/68297e2fda9090586ca2980d01c2a23642833b65/contracts/pools/IlluviumVault.sol) * [TokenLocking.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/68297e2fda9090586ca2980d01c2a23642833b65/contracts/pools/TokenLocking.sol) * [ILockedPool.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/68297e2fda9090586ca2980d01c2a23642833b65/contracts/interfaces/ILockedPool.sol) **After the 2nd reaudit/review:** Quantstamp has reviewed commit `94807fc` where the following two smart contracts were added: * [FlashPoolV2.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/94807fce56dcda930484baee6cecc30197e2029b/contracts/pools/FlashPoolV2.sol) * [FlashPoolBase.sol](https://github.com/IlluviumGame/illuvium-contracts/blob/94807fce56dcda930484baee6cecc30197e2029b/contracts/pools/FlashPoolBase.sol) All concerns raised by the auditors on commit `76843ad` have been addressed by the current implementation.
Issues (16)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 5 | - | - | - | 5 |
Fixed | 8 | 2 | 1 | - | 11 |
| Total | 13 | 2 | 1 | 0 | 16 |