Last updated
Last updated
In our dedication to ensuring the safety of our users and partners, we aim to provide transparency regarding changes and the status of security audits for our smart contracts.
Keller Finance originates from Equilibre Finance/Velodrome Finance, which, in turn, was adapted from Solidly by Andre Cronje and his team in March 2022.
It's important to note that even with Velodrome audits, risks cannot be entirely eliminated.
Solidly underwent a partial security audit in January 2022, specifically focusing on the AMM part, conducted by PeckShield. The audit revealed 5 low-severity and 1 informal finding.
Velodrome Finance underwent a security audit and peer review during the Code4rena bug bounty contest. Additionally, a full MythX deep scan on Velodrome contracts identified only a few false-positive, low-severity issues.
The results of the Code4rena contest were published on August 8, 2022, and can be accessed here. All high- or medium-risk issues were addressed before deployment, except for one known issue: users being able to claim eligible rewards from ExternalBribe contracts more than once. This issue is currently being resolved through a wrapped contract solution.
This vulnerability does not pose a risk to user funds. Protocols intending to deposit external bribes are encouraged to contact the core team to explore alternative solutions. Additional details about Velodrome's C4 contest can be found here.
As a team, we've collectively opted against performing a secondary audit on the Velodrome Finance contracts.
As a derivative of their contracts through a hard fork, there's no necessity for recurrent allocation of funds for that purpose. Additionally, the protocol has been operating successfully for approximately 12 months without any breaches or internal issues with its contracts, further solidifying this notion.
The funds originally earmarked for this audit will now be directed towards bolstering the platform's development. This involves creating a roadmap to develop DeFi primitives that cater to the evolving needs of the sector.
At the contract level, notable modifications have exclusively occurred within the Internal Bribes contract.
These adjustments aim to address issues associated with double claims of fees within the same epoch and rounding discrepancies related to tokens.
Specifically, alterations have been implemented in the earned function and the checkpoint system employed by the contract for data tracking.
The Velodrome team oversaw these changes, subjecting them to rigorous internal testing before their public release on the mainnet, demonstrating their optimal functionality.
It's crucial to note, however, that no third-party auditing has taken place in this context, introducing an element of risk for users.
