VLO - Audit Report
VLO is an fully-decentralized rebase token, with a brand new rebasing mechanism. Instead of rebasing based on price or market capitalization, it rebases based on the “velocity” of the token. This means that the supply of the token increases or decreases over time based on the number of transactions in a given period of time. VLO's configuratino is based on economic theories from Austrian school of Economics and blockchain technology enables VLO to be the first implementation of these theories. .We audited VLO at commit b10dfc08730f6c83c35e3a40d48e2ca36208a897 on GitHub. The contracts are deployed at the addresses below.
Audit Findings Summary:
- VLO token rebases based on the tokens adoption velocity. The rebase percentage is based upon the transfers of the token that occur.
- VLO token can only be minted via the rebase function (to implement rewards based on the token's velocity) or with governance approval.
- Currently the Mises Legacy Pool receives these velocity based rewards to incentivize users to provide liquidity.
- Any changes to the protocol, minting, or decisions on how to distribute funds require governance approval and delayed implementation via the timelock. Upgrading any contracts or setting staking reward rates, for example, require governance approval.
- The goverannce implementation is a fork of Compound's, allowing token holders to vote on proposed transactions that affect the future of the protocol.
- The protocol has staking pools where users can stake assets or LP tokens to earn rewards in VLO.
- Each transfer of the token mints a small amount of Chi Gas Token. These tokens are sent to the Timelock contract, which is controlled by the governance system.
- Anyone can call the rebase function, though it can only be executed once sufficient time has passed. The function cannot be called by a contract. This is not a security issue.
- No security issues from outside attackers were identified.
- VLO's contracts are well written, came with passing test cases, and had useful documentation.
- Compared to most DeFi projects, the control over VELO Protocol is highly decentralized.
- Date: December 19th, 2020
External Threats - Audit Results
|Arbitrary Storage Write||N/A||PASS|
|Delegate Call to Untrusted Contract||N/A||PASS|
|Dependence on Predictable Variables||N/A||PASS|
|State Change External Calls||N/A||PASS|
|User Supplied Assertion||N/A||PASS|
|Critical Solidity Compiler||N/A||PASS|
|Overall Contract Safety||PASS|