Alchemix v2 audit, completed in partnership with Runtime Verification

Following a thorough review of our code and leaving only bytes to spare we’re delighted to present the findings of our Alchemix V2 smart contract audit.

Our work with Runtime Verification began in June of 2021 by doing a thorough review of design considerations for version 2 of both the Alchemist and the Transmuter, the two core elements of the Alchemix protocol. The feedback from this review helped shape the eventual architecture of both pieces, and put us on a path to develop a secure, scalable, pluggable version of the protocol that underwent a thorough audit in November and December of 2021. The results of this audit, and of our continuing partnership with RV, have proven invaluable, and have given us the confidence to launch the next iteration of the Alchemix protocol.

The V2 audit covered the following major contracts:

  • AlchemistV2
  • TransmuterV2
  • TransmuterBuffer
  • AlchemicTokenV2
  • WETHGateway
  • YearnTokenAdapter

the following base contracts:

  • Multicall
  • Mutex
  • SelfPermit
  • Whitelist

and the following libraries:

  • FixedPointMath
  • LiquidityMath
  • Limiters
  • SafeCast
  • Sets
  • Ticks
  • TokenUtils

The issues uncovered by RV fall into 3 tiers of severity: Low, Medium, and High.
Low issues consist of the potential for misconfigurations, the contracts not operating exactly as prescribed, and general informational notes. Medium issues are those that could lead to loss of functionality, loss of funds, or yield manipulation. High issues are those that could break core Alchemist accounting logic, or allow users to steal funds.

Of the 14 Low and 3 High issues, all recommended remedies were applied and reviewed by RV. While 9 of the 11 Medium issues were fixed and reviewed during the course of the audit, 2 (A08 & A09) were fixed after the audit was completed, and are currently being reviewed by RV.

One major design choice of note in Alchemix v2 is that of upgradeability. All 3 major contracts (AlchemistV2, TransmuterV2, and TransmuterBuffer) are built to be used via upgradeable proxies. This entrusts the Alchemix DAO with the ability and responsibility to upgrade the functionality of these pieces as it sees fit.

We know that users, builders, and the rest of the Alchemix community members are itching to get their hands on v2, so we’re looking to roll it out as soon as possible. After careful consideration, the Alchemix core team believes that the last 2 outstanding issues that were raised as a result of the last audit (mentioned above) are worth fixing before launching v2. PR’s are already out for review and the next engagement with RV began February 1st.

If you’d like to read the audit for yourself please use this link.

So, wen V2?


VERY soon(TM).

Alchemix | Docs | Discord | YouTube | Twitter | Forum | Github




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to see the list of hidden parameters in an Oracle database The Beta Launch

Why Every Software Tester Should Have A Personal GitHub

Webinar Recap — Power Apps: Getaway to Industry 4.1

7 Beginners Tips To Help You Get Better At Learn Python

Parsing GitHub web-hook json payload in Jenkins using generic-webhook-trigger plugin.

Modern Application Infrastructure

Machine Learning with PHP: using Support Vector Machine (SVM) via ext-svm

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alchemix Finance

Alchemix Finance

More from Medium

Umami Finance Partners With Synapse Protocol To Introduce gOHM Liquidity To Arbitrum

Vesta Finance x Olympus Incubator

Alchemix cinematic ad campaign

Tarot DAO: Governance Guide