Search
K

Security & Audits

At Venus, our utmost dedication lies in ensuring the highest levels of security for our users. Throughout the entire Smart Contract development lifecycle, we strictly adhere to industry best practices to uphold the integrity of our platform. To further fortify our security measures, we collaborate with renowned auditing firms in the field. These partnerships enable us to conduct comprehensive security assessments of our protocol, thereby safeguarding our users' funds effectively.
The security of the Venus protocol stands as our highest priority. Our development team, in conjunction with third-party auditors and consultants, has invested substantial efforts to create a protocol that we confidently deem safe and dependable. We prioritize transparency by making all contract code and balances publicly verifiable. Moreover, we offer a bug bounty program to security researchers who report undiscovered vulnerabilities, encouraging continuous improvement and vigilance.
We firmly believe that the true test of a smart contract's security lies in its size, visibility, and time. Consequently, we urge users to exercise caution and make independent assessments of the security and suitability of our protocol.

Audits

Forced liquidations in the Core pool

Scope: upgrade of the Comptroller contract in the Core pool, adding the "forced liquidations" feature.

RiskFund and Shortfall handling

Scope: RiskFund, Shortfall and ProtocolShareReserve contracts in the isolated-pools repo, enabled on VIP-170
These contracts were in the scope of the audits done before the launch of Isolated Pools in the VIP-134. Some upgrades were done on these contracts, and a new round of audits were done focused on these changes.

Peg Stability Module (PSM)

Scope: Peg Stability Module contract for VAI/USDT, enabled on VIP-157

Oracles upgrade (2023/07/24)

Scope: upgrade of the Resilient Price Feeds, enabled on VIP-145.

Oracles

Scope: new Resilient Price Feeds, enabled on VIP-123.

Vaults

Scope: upgrade of the XVSVault, VAIVault and VRTVault, enabled on VIP-127.

Isolated pools

Scope: Isolated pools, first enabled on VIP-134.

Swap router

Scope: SwapRouter contract, enabled on VIP-131.

VToken

Scope: Delegate Borrowing in Venus. Upgrade of BUSD, USDC, USDT, BTCB and ETH markets, to reduce the risks on Venus that resulted from the September 2022 BNB Bridge incident. Executed on VIP-99.