Fractal is a cross-chain liquidity routing protocol. Its first product is USDF, a yield bearing stable coin which accrues value at a fixed APR. The Fractal yield is powered by a diversified set of DeFi strategies from all the integrated cross-chain blockchains.
For the current revision, majority of the functionality is behind whitelisted and access controlled functions along with the cross-chain swapping process. There are also external strategy managers, and a part of divesting funds to strategies also happens through a manual process.
Zellic conducted an audit for Fractal from March 4th to March 18th, 2022 on the scoped contracts and discovered 8 findings. Fortunately, no critical issues were found. We applaud Fractal for their attention to detail and diligence in maintaining high code quality standards. Of the 8 findings, 2 were of high impact, 1 was of medium impact, and 1 was of low impact. The remaining findings were informational in nature.
Fractal is a cross-chain yield farming aggregator, with the majority of current functionality locked behind centralized access-controlled methods. These methods would be called by thoroughly vetted, transparent, trusted third parties. Thus, for this audit, we focused heavily on the externally reachable attack surface, as bugs there would be of the highest impact.
Our general overview of the code is that it was very well organized and structured. The code coverage is high and tests are included for the majority of the functions. The documentation was adequate, although it could be improved. There were some pain points in a few areas that were confusing to read, but apart from those, the code was easy to comprehend.