Voyage Finance
October 26, 2022
Voyage
Findings

Impact Level: Count
Critical: 7
High: 6
Medium: 3
Low: 5
Informational: 1
Prepared by
Filippo Cremonese, Engineer
Oliver Murray, Engineer
About

Voyage allows users to obtain short-term loans for purchasing from whitelisted NFT collections. Multiple payment installments are used to reduce the cost of market entry by spreading payments over time. Senior and junior risk tranches are used to incentivize LPs with different risk tolerances. A traditional free market mechanism is used to drive the ratios of assets deposited into senior and junior tranches.

Executive Summary

Zellic conducted an audit for Voyage Finance from August 22nd to September 2nd, 2022.

Zellic thoroughly reviewed the Voyage codebase to find protocol-breaking bugs as defined by the documentation and to find any technical issues outlined in the Methodology section of this document.

Specifically, taking into account Voyage's threat model, we performed a deep analysis of vault interactions, including multiple variants of interaction sequences between senior and junior depositors and NFT purchasers, as well as the security of upgrades, critical function calls, and the oracle implementation.

During our assessment of the scoped Voyage contracts, we discovered 22 findings. There were seven critical issues found. Of the remaining issues, two were high impact, four were medium impact, six were low impact, and the remainder were informational.

Additionally, Zellic recorded its notes and observations from the audit for Voyage Finance's benefit in the Discussion section at the end of the document.

We sometimes observe a high number of findings in projects undergoing rapid development. Our recommendation to the Voyage team is to adopt a security-focused development workflow. The codebase should be augmented with a comprehensive test suite that ensures the code behaves as intended under real-world conditions. We also encourage Voyage to freeze the codebase and perform another independent audit before launch.

Zellic © 2023