Jarvis is building a set of protocols and applications to bring decentralized finance to everyone. Synthereum, their first protocol, is the infrastructure layer underpinning an ecosystem that will allow anyone to access liquidity, yield, and financial services.
Zellic conducted an audit for Jarvis from May 30th to June 10th, 2022.
Our general overview of the code is that it was very well-organized and structured. The code coverage is high, and tests are included for the majority of the functions. The documentation was adequate, although it could be improved. The code was easy to comprehend, and in most cases, intuitive.
We applaud Jarvis for their attention to detail and diligence in maintaining incredibly high code quality standards in the development of Synthereum.
Zellic thoroughly reviewed the Synthereum codebase to find protocol-breaking bugs as defined by the documentation and to find any technical issues outlined in the Methodology section of this document.
Specifically, taking into account Synthereum's threat model, we focused heavily on issues that would break core invariants such as calculating the positions in the pool as well as the states that the `LendingStorageManager' handles for the liquidity providers.
During our assessment on the scoped Synthereum contracts, we discovered four findings. Fortunately, no critical issues were found. Of the four findings, one was of high severity, one was of medium severity, one was of low severity, and the remaining one was informational in nature.
Additionally, Zellic summarized its notes and observations from the audit for Jarvis's benefit in the Discussion section at the end of the document.