Bond Protocol is a system to create Olympus-style bond markets for any token pair. The markets do not require maintenance and will manage bond prices based on activity. Bond issuers create BondMarkets that pay out a payout token in exchange for deposited quote tokens. Users can purchase future-dated payout tokens with quote tokens at the current market price and receive bond tokens to represent their position while their bond vests. Once the bond tokens vest, they can redeem it for the quote tokens.
Zellic conducted an audit for Bond Labs from October 26th to November 2nd, 2022.
Our general overview of the code is that it well-organized and structured. The code coverage was adequate, for the majority of the functions. The documentation was adequate, although it could be improved. The code was easy to comprehend, and in most cases, intuitive. There were some parts of the code, namely the SDA contracts, which were of higher complexity than most of the other contracts.
Zellic thoroughly reviewed the Bond Protocol codebase to find protocol-breaking bugs as defined by the documentation and to find any technical issues outlined in the Methodology section of this document.
Specifically, taking into account Bond Protocol's threat model, we focused heavily on issues that would break core invariants such as the issuance and redemption of shares.
During our assessment on the scoped Bond Protocol contracts, we discovered 6 findings. Fortunately, no critical issues were found. Of the six findings, two were of medium severity, two were of low severity, and the remaining findings were informational in nature.
Additionally, Zellic recorded its notes and observations from the audit for Bond Labs's benefit in the Discussion section at the end of the document.