Audits

This page summarizes the audit conducted on the Takaturn Diamond contract.

The Takaturn Diamond contract has undergone a security audit by PeckShield, a leading blockchain security company that aims to elevate the security, privacy, and usability of current blockchain ecosystems.

Methodology

  • The audit follows a systematic approach, including static analysis, manual review, and advanced DeFi scrutiny.

  • A full audit checklist is provided, covering various aspects, from basic coding bugs to advanced DeFi scrutiny and best practices.

  • The methodology is based on the OWASP Risk Rating Methodology, and findings are categorized using Common Weakness Enumeration (CWE).

  • The audit examines the smart contract source code for potential security issues and semantic inconsistencies and provides improvement suggestions.

  • The audited protocol's Git repository and commit hashes before and after fixes are provided.

Summary of Findings

The smart contracts were found to be well-designed and engineered, but the implementation has room for improvement. The identified issues include:

  • PVE-001: Public Exposure of Privileged Functions (High Severity) - This issue was resolved.

  • PVE-002: Potential Reentrancy Risk in Repeatedly Claiming Yields (High Severity) - This issue was resolved.

  • PVE-003: Possibly Unexpected Fund Withdrawal in FundFacet (Medium Severity) - This issue was resolved.

  • PVE-004: Accommodation of Non-ERC20-Compliant Tokens (Low Severity) - This issue was confirmed.

  • PVE-005: Incorrect Withdrawal User Amount Calculation In GettersFacet (Medium Severity)

  • PVE-006: Revisited Total Yield Calculation in GettersFacet (Low Severity)

  • PVE-007: Trust Issue of Admin Keys (Medium Severity)

  • PVE-008: Revisited _solveDefaults() Logic in CollateralFacet (Informational)

Final Report
