Swaap Earn Protocol Vaults
Summary
Swaap is a decentralized asset management protocol that allows fund managers to make use of other pre-approved DeFi protocols. Users can deposit the underlying asset of a fund to acquire shares, thereby investing in the strategy of the fund manager. Swaap leverages the ERC4626 standard to build asset vaults and has developed adaptors to connect to protocols such as Aave, Balancer, Paraswap, and more. The value of assets in a vault is evaluated using their configured oracles. Overall the code is well-written and the team has demonstrated great security awareness. We did not find any significant security concerns, having analyzed numerous economic exploits in addition to the code analysis. The test suite could be improved by the team, particularly branch coverage metrics over adaptors. It was a pleasure to work with the Swaap team who have shown great willingness to improve and optimize their protocol. While we have not found any specific attack vectors, our main concerns for these contracts are: </br> 1. That a user can deposit shares and temporarily inflate the vault assets' value through a contract attached to an adaptor. 2. That a fund manager can slowly drain the value of the fund. </br> We recommend reviewing and performing extensive testing before including new positions or adaptors in the future. **Update:** The Swaap team addressed all the issues found, and updated the test suite to cover the fixes.
