Status | Low | Medium | High | Critical | Total |
---|---|---|---|---|---|
Not fixed | 2 | - | 1 | - | 3 |
Fixed | 5 | 1 | - | - | 6 |
Total | 7 | 1 | 1 | 0 | 9 |
not_fixed/high
The `SftWrapRouter` contract inherits upgradeable contracts, indicating that it is part of an upgradeable system. Upgradeable contracts are often paired with a proxy contract that is responsible for managing contract upgrades, and the proxy's privileged roles often have the authority to update the implementation contract. If a privileged account is compromised, an attacker may use this authority to change the implementation contract the proxy points to and so execute potentially malicious functionality in the new implementation.
not_fixed/low
The contract serves as the underlying entity that interacts with the out-of-scope contract `IOpenFundMarket` and deposits tokens into it. The audit treats such entities as black boxes and assumes their functional correctness. In the real world, however, external dependencies and out-of-scope contracts can be compromised, which may lead to lost or stolen assets.
not_fixed/low
The `SftWrapRouter` contract inherits `AdminControlUpgradeable` and `GovernorControlUpgradeable`, which are initialized but never used. This can cause confusion and inefficiency in contract deployment and interaction.
# | Name | Auditor | Date | Chains | Issues |
---|---|---|---|---|---|
1 | Solv Yield - Bearing Tokens | CertiK | 2024/04/08 | Off-Chain (Private) | No active critical issues |
2 | Solv Protocol stUSD - Audit | CertiK | 2023/12/28 | Off-Chain (Private) | No active critical issues |