Security & Audits
At Venus, the security of our users is our highest priority. Throughout the smart contract development lifecycle we follow industry best practices to uphold the integrity of the platform, and we work with renowned auditing firms on comprehensive security assessments of the protocol to safeguard users' funds.
Our development team, together with third-party auditors and consultants, has invested substantial effort in building a protocol that we consider safe and dependable. We prioritize transparency: all contract code and balances are publicly verifiable. We also run a bug bounty program for security researchers who report previously unknown vulnerabilities, encouraging continuous improvement and vigilance.
We firmly believe that the true test of a smart contract's security is its size, visibility and time in production. We therefore urge users to exercise caution and to assess independently the security and suitability of the protocol.
Audits
E-Mode
Scope: E-Mode support in the Core pool on BNB Chain.
Detailed scope
Pull request #614 in the venus-protocol repository:
contracts/Comptroller/Diamond/facets/FacetBase.sol
contracts/Comptroller/Diamond/facets/MarketFacet.sol
contracts/Comptroller/Diamond/facets/PolicyFacet.sol
contracts/Comptroller/Diamond/facets/RewardFacet.sol
contracts/Comptroller/Diamond/facets/SetterFacet.sol
contracts/Comptroller/Diamond/interfaces/IFacetBase.sol
contracts/Comptroller/Diamond/interfaces/IMarketFacet.sol
contracts/Comptroller/Diamond/interfaces/ISetterFacet.sol
contracts/Comptroller/Diamond/Diamond.sol
contracts/Comptroller/ComptrollerInterface.sol
contracts/Comptroller/ComptrollerLensInterface.sol
contracts/Comptroller/ComptrollerStorage.sol
contracts/Comptroller/Types/PoolMarketId.sol
contracts/InterfacesV8.sol
contracts/Lens/ComptrollerLens.sol
contracts/Lens/VenusLens.sol
contracts/Liquidator/Liquidator.sol
contracts/Tokens/VAI/VAIController.sol
contracts/Tokens/VTokens/VToken.sol
contracts/Utils/ErrorReporter.sol
Risk Stewards V1 and Core Pool Comptroller Interface Compatibility with Isolated Pools
Scope: Venus Risk Steward contracts, compatible with the Risk Oracle contracts from Chaos Labs. These stewards are authorized to perform risk parameter changes (initially, only increasing the supply and borrow caps) without requiring VIPs. Additionally, the interface of the Comptroller contract on BNB Chain is extended with the functions defined in the Comptroller contract for Isolated Pools, simplifying interactions with both Comptroller contracts. Enabled in VIP-544.
Detailed scope
Pull request #115 in the governance-contracts repository:
contracts/RiskSteward/RiskStewardReceiver.sol – entry point of the feature
contracts/RiskSteward/MarketCapsRiskSteward.sol
contracts/RiskSteward/IRiskSteward.sol
contracts/RiskSteward/IRiskStewardReceiver.sol
Interfaces with external contracts:
contracts/interfaces/ICorePoolComptroller.sol
contracts/interfaces/IIsolatedPoolsComptroller.sol
contracts/interfaces/IRiskOracle.sol
contracts/interfaces/IVToken.sol
Pull request #548 in the venus-protocol repository:
contracts/Comptroller/Diamond/facets/MarketFacet.sol
contracts/Comptroller/Diamond/facets/PolicyFacet.sol
contracts/Comptroller/Diamond/facets/SetterFacet.sol
contracts/Comptroller/Diamond/interfaces/IMarketFacet.sol
contracts/Comptroller/Diamond/interfaces/IPolicyFacet.sol
contracts/Comptroller/Diamond/interfaces/ISetterFacet.sol
Native Token Gateway upgrade
Scope: NativeTokenGateway contract upgrade, to make it compatible with the Core pool on BNB Chain. Enabled in VIP-543.
Detailed scope
Pull request #8
contracts/Gateway/Interfaces/IVToken.sol
contracts/Gateway/INativeTokenGateway.sol
contracts/Gateway/Interfaces/IWrappedNative.sol
contracts/Gateway/NativeTokenGateway.sol
Venus ERC4626 Vaults
Scope: ERC-4626 wrapper for Venus markets for isolated pools, enabling seamless integration with external DeFi protocols that follow the ERC-4626 standard.
Detailed scope
Pull request #497 in the isolated-pools repository:
contracts/ERC4626/VenusERC4626.sol
contracts/ERC4626/VenusERC4626Factory.sol
contracts/ERC4626/Interfaces/IComptroller.sol
contracts/ERC4626/Interfaces/IProtocolShareReserve.sol
contracts/ERC4626/Interfaces/IRewardsDistributor.sol
Pull request #137 in the protocol-reserve repository:
contracts/Interfaces/IProtocolShareReserve.sol
asBNB Oracle
Scope: Correlated oracle to get the price of asBNB token on BNB Chain, taking into account first the onchain conversion rate asBNB to slisBNB.
Detailed scope
Pull Request #275
Files:
contracts/oracles/AsBNBOracle.sol
zkETH Oracle
Scope: Correlated oracle to get the price of zkETH token on ZKsync, taking into account first the onchain conversion rate zkETH to rzkETH.
Detailed scope
Pull Request #269
Files:
contracts/oracles/ZkETHOracle.sol
ERC4626 Oracle
Scope: Correlated oracle to get the price of ERC4626 tokens, taking into account first the onchain conversion rate of the ERC4626 token with its underlying token.
Detailed scope
Pull Request #253
Files:
contracts/oracles/ERC4626Oracle.sol
PendleOracle upgrade
Scope: Upgrade the current implementation of the PendleOracle contract to add support for Pendle's getPtToSyRate(). This allows yield tokens to be used as the base, as an alternative to using the underlying asset directly.
Detailed scope
Pull Request #240
Files:
contracts/oracles/PendleOracle.sol
contracts/interfaces/IPendlePtOracle.sol
ACMCommandsAggregator
Scope: ACMCommandsAggregator is a permissionless contract, to be deployed to the remote networks (every network except BNB Chain), to facilitate the configuration (grants and revokes) of permissions in the AccessControlManager of each network.
Detailed scope
Pull Request #90
Files:
contracts/Utils/ACMCommandsAggregator.sol
TwoKinksInterestRate
Scope: New interest rate model for the Core pool and for the Isolated pools, supporting two different kinks and therefore three different slopes. Enabled in VIP-385.
Unlist markets
Scope: Changes in the isolated pools and core contracts to support unlisting markets. Fix in the core pool the behaviour of borrow caps set to zero. Enabled in VIP-361.
Detailed scope
Unlist markets
Pull request #429 in the venus-protocol repo. Change: allow Governance the logical deletion of markets from the Comptroller contract
contracts/Comptroller/Diamond/facets/MarketFacet.sol
contracts/Comptroller/Diamond/facets/PolicyFacet.sol
Pull request #349 in the isolated-pools repo. Change: allow Governance the logical deletion of markets from the Comptroller contract
Files: contracts/Comptroller.sol
Fix Borrow Cap 0 Logic
Pull request #438 in the venus-protocol repo. Change: previously, a borrow cap of 0 meant "no cap", which is error-prone. With the new logic, a borrow cap of 0 does not allow new borrows.
contracts/Comptroller/ComptrollerStorage.sol
contracts/Comptroller/Diamond/facets/PolicyFacet.sol
contracts/Comptroller/Diamond/facets/SetterFacet.sol
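As an added example (a Python model written for this page, not the Comptroller code), the borrow-cap condition before and after this change. Under the old semantics a cap of 0 disabled the check entirely, which is dangerous because 0 is also what an unset storage slot reads as: a market whose cap was never configured, or was set to 0 to freeze it, was effectively uncapped. The NO_CAP sentinel is an assumption made for the example; the page does not state how an uncapped market is represented after the fix.

```python
# Added example (Python model, not the Venus Comptroller code): the borrow-cap
# condition before and after the fix. NO_CAP is an assumption made for this
# example; the page does not say how "uncapped" is expressed after the change.

NO_CAP = 2**256 - 1  # assumed sentinel for "no cap" once 0 no longer means that


def borrow_allowed_old(borrow_cap: int, total_borrows: int, amount: int) -> bool:
    """Pre-fix semantics: a cap of 0 meant "no cap", so the check was skipped.

    Dangerous because 0 is also the value of an unset storage slot: a market
    whose cap was never configured (or was set to 0 to freeze it) was uncapped.
    """
    if borrow_cap != 0 and total_borrows + amount > borrow_cap:
        return False
    return True


def borrow_allowed_new(borrow_cap: int, total_borrows: int, amount: int) -> bool:
    """Post-fix semantics: the cap is always enforced, so 0 admits no new borrow."""
    return total_borrows + amount <= borrow_cap


def compare(borrow_cap: int, total_borrows: int, amount: int) -> tuple:
    """Return (old_result, new_result) for one borrow attempt."""
    return (borrow_allowed_old(borrow_cap, total_borrows, amount),
            borrow_allowed_new(borrow_cap, total_borrows, amount))


if __name__ == "__main__":
    # Constructed scenario: cap left at the default 0, a borrow of 1e24 units is attempted.
    print("cap=0, borrow 1e24 ->", compare(0, 0, 10**24))            # (True, False)
    print("cap=NO_CAP, borrow 1e24 ->", compare(NO_CAP, 0, 10**24))  # (True, True)
```

The practical check after an upgrade like this is that every listed market has an explicit cap (or the sentinel) set, since the default slot value now blocks borrowing instead of silently allowing it.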
Oracle for Ether.fi LRT tokens (weETHs and weETHk) on Ethereum
Scope: specific oracle for the tokens weETHs and weETHk on Ethereum, using an Accountant contract under the hood, provided by the Ether.fi project. Enabled in VIP-355.
Detailed scope
Pull request #213
contracts/oracles/WeETHAccountantOracle.sol
contracts/interfaces/IAccountant.sol
VBNBAdmin: new function setInterestRateModel
Scope: Update of the VBNBAdmin contract to integrate the AccessControlManager in the setInterestRateModel function. This allows more timelocks (not only the Normal timelock) to be authorized to execute this function, so Fast-track and Critical VIPs can update the interest rate model of the VBNB market. Enabled in VIP-343.
Detailed scope
Pull request #487
contracts/Admin/VBNBAdmin.sol
contracts/Admin/VBNBAdminStorage.sol
Oracle for sfrxETH on Ethereum
Scope: specific oracle for the token sfrxETH on Ethereum, using the SfrxEthFraxOracle oracle under the hood, provided by the FRAX project. Enabled in VIP-329.
Detailed scope
Pull request #191
contracts/oracles/SFrxETHOracle.sol
Multichain Governance
Scope: Cross-chain messaging and execution of VIPs on non-BNB chains. Integration of Multichain Governance in Venus. Enabled in VIP-330 and VIP-331.
Detailed scope
Pull request #21
contracts/Cross-chain/BaseOmnichainControllerDest.sol
contracts/Cross-chain/BaseOmnichainControllerSrc.sol
contracts/Cross-chain/OmnichainExecutorOwner.sol
contracts/Cross-chain/OmnichainGovernanceExecutor.sol
contracts/Cross-chain/OmnichainProposalSender.sol
contracts/Cross-chain/interfaces/IGovernananceBravoDelegate.sol
contracts/Cross-chain/interfaces/ITimelock.sol
contracts/Governance/TimelockV8.sol
main
Time-based contracts and seize XVS rewards
Scope: Changes in the isolated pools, core and oracle contracts to support blockchains where the block rate is not constant (for example, Arbitrum). Add to the Core pool the feature to seize XVS rewards via VIP.
Detailed scope
Pull request #324 in the isolated-pools repo. Change: Timestamp-based Isolated lending contracts
contracts/JumpRateModelV2.sol
contracts/Lens/PoolLens.sol
contracts/Rewards/RewardsDistributor.sol
contracts/Rewards/RewardsDistributorStorage.sol
contracts/Shortfall/Shortfall.sol
contracts/Shortfall/ShortfallStorage.sol
contracts/VToken.sol
contracts/VTokenInterfaces.sol
contracts/WhitePaperInterestRateModel.sol
contracts/lib/constants.sol
Pull request #418 in the venus-protocol repo. Change: Time-based XVSVault
contracts/XVSVault/TimeManagerV5.sol
contracts/XVSVault/XVSVault.sol
contracts/XVSVault/XVSVaultStorage.sol
Pull request #128 in the oracle repo. Change: Add Arbitrum sequencer downtime validation for Chainlink Oracle
contracts/oracles/SequencerChainlinkOracle.sol
contracts/oracles/ChainlinkOracle.sol
Pull request #417 in the venus-protocol repo. Change: Seize XVS rewards
contracts/Comptroller/Diamond/facets/RewardFacet.sol
Pull request #410 (https://github.com/VenusProtocol/venus-protocol/pull/410) in the venus-protocol repo. Change: Dynamically set addresses for XVS and XVSVToken
contracts/Comptroller/ComptrollerStorage.sol
contracts/Comptroller/Diamond/Diamond.sol
contracts/Comptroller/Diamond/facets/FacetBase.sol
contracts/Comptroller/Diamond/facets/RewardFacet.sol
contracts/Comptroller/Diamond/facets/SetterFacet.sol
VAI Controller
Scope: VAIController contract, fixing how the seized amounts during VAI liquidations are calculated, considering the original VAI debt plus the interest accrued. Enabled in VIP-299.
Detailed scope
Pull request #467
contracts/Tokens/VAI/VAIController.sol
XVS bridge - Mesh architecture
Scope: enable XVS transfers between networks other than BNB Chain, for example between Ethereum mainnet and opBNB mainnet. Detailed scope. Enabled in VIP-292.
Correlated token oracles
Scope: set of oracles for tokens whose price is highly correlated with the price of another token. This includes liquid staking tokens (like wstETH, weETH, WBETH, ankrBNB, BNBx, slisBNB, stkBNB), ERC-4626 tokens (like sFRAX, sfrxETH) and any token convertible to another token onchain (like the Pendle PT tokens). WeETHOracle enabled in VIP-290. AnkrBNBOracle, BNBxOracle, SlisBNBOracle and StkBNBOracle enabled in VIP-293.
Detailed scope
Pull request #165
contracts/oracles/AnkrBNBOracle.sol
contracts/oracles/BNBxOracle.sol
contracts/oracles/OneJumpOracle.sol
contracts/oracles/PendleOracle.sol
contracts/oracles/SFraxOracle.sol
contracts/oracles/SFrxETHOracle.sol
contracts/oracles/SlisBNBOracle.sol
contracts/oracles/StkBNBOracle.sol
contracts/oracles/WBETHOracle.sol
contracts/oracles/WeETHOracle.sol
contracts/oracles/WstETHOracle.sol
contracts/oracles/common/CorrelatedTokenOracle.sol
Native token gateway
Scope: NativeTokenGateway contract, which facilitates interaction (borrow, supply, repay and redeem) with markets whose underlying token is a wrapped version of the native token (for example WETH on Ethereum, or WBNB on BNB Chain). Enabled in VIP-276.
Detailed scope
Pull request #361
contracts/Comptroller.sol
contracts/ComptrollerStorage.sol
contracts/Gateway/Interfaces/IVtoken.sol
contracts/Gateway/Interfaces/IWrappedNative.sol
contracts/Gateway/NativeTokenGateway.sol
contracts/VToken.sol
contracts/VTokenInterfaces.sol
Pull request #442
contracts/Tokens/VTokens/VBep20.sol
contracts/Tokens/VTokens/VToken.sol
contracts/Comptroller/Diamond/facets/MarketFacet.sol
Oracle for wstETH
Scope: Oracle for wstETH, using the exchange rate wstETH/stETH from the stETH contract on Ethereum, assuming 1:1 for the conversion rate stETH:ETH, and converting ETH to USD using the Resilient Oracles.
Detailed scope
Pull request #155 in the oracle repo:
contracts/oracles/WstETHOracle.sol
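The correlated-oracle scopes on this page (asBNB, zkETH, ERC4626, wstETH and the Correlated token oracles section) all describe the same pattern: read the token's conversion rate into an underlying token from the chain, then multiply by the underlying's price from the Resilient Oracle. The following is an added Python model of that pattern, written for this page; it is not the Venus oracle contracts. Everything in it is constructed: the token names and rates, the base prices, the ResilientOracle stand-in, the rate-source calls named in comments, the 18-decimal assumption for every token, and the hop limit.

```python
# Added example (Python model, not the Venus oracle contracts): how a correlated
# token oracle prices a token through an on-chain conversion rate into its
# underlying, chaining hops such as asBNB -> slisBNB -> BNB -> USD. All rates,
# prices and the ResilientOracle stand-in below are constructed for the example,
# and every token is assumed to have 18 decimals (production oracles must also
# handle decimal scaling, which is left out here).
from dataclasses import dataclass
from typing import Callable, Dict, Optional

ONE = 10**18  # 18-decimal fixed point ("wad"); prices are USD per whole token


class OracleError(Exception):
    pass


@dataclass
class CorrelatedTokenOracle:
    """price(token) = rate(token -> underlying) * price(underlying) / ONE."""
    token: str
    underlying: str
    # Reads the on-chain rate for ONE whole token, e.g. stETH.stEthPerToken()
    # for wstETH, or vault.convertToAssets(ONE) for an ERC-4626 share (assumed calls).
    rate_source: Callable[[], int]

    def get_price(self, price_of: Callable[[str], int]) -> int:
        rate = self.rate_source()
        if rate == 0:
            # A zero rate (paused vault, misbehaving call) would value the
            # collateral at 0; fail closed rather than return a wrong price.
            raise OracleError(f"zero conversion rate for {self.token}")
        return rate * price_of(self.underlying) // ONE


class ResilientOracle:
    """Constructed stand-in for the resilient oracle. Base-asset prices are
    literals here (in production they come from external feeds with fallbacks);
    correlated tokens are resolved by hopping to their underlying."""

    MAX_HOPS = 4  # a misconfigured A -> B -> A chain must not recurse forever

    def __init__(self, base_prices: Dict[str, int]):
        self.base_prices = dict(base_prices)
        self.correlated: Dict[str, CorrelatedTokenOracle] = {}

    def register(self, oracle: CorrelatedTokenOracle) -> None:
        self.correlated[oracle.token] = oracle

    def get_price(self, token: str, _hops: int = 0) -> int:
        oracle = self.correlated.get(token)
        if oracle is None:
            price = self.base_prices.get(token, 0)
            if price == 0:
                raise OracleError(f"no price for {token}")
            return price
        if _hops >= self.MAX_HOPS:
            raise OracleError(f"conversion chain too deep at {token}")
        return oracle.get_price(lambda t: self.get_price(t, _hops + 1))


def safe_price(oracle: ResilientOracle, token: str) -> Optional[int]:
    """Price or None, so a caller treats any oracle failure as 'do not proceed'."""
    try:
        return oracle.get_price(token)
    except OracleError:
        return None


def build_example_oracle() -> ResilientOracle:
    """Wire constructed rates that mirror the scopes above (all values made up)."""
    oracle = ResilientOracle({"BNB": 600 * ONE, "ETH": 3000 * ONE, "FRAX": 1 * ONE})
    # asBNB -> slisBNB -> BNB: two hops, each through its own on-chain rate
    oracle.register(CorrelatedTokenOracle("slisBNB", "BNB", lambda: 105 * ONE // 100))
    oracle.register(CorrelatedTokenOracle("asBNB", "slisBNB", lambda: 102 * ONE // 100))
    # wstETH -> ETH: stETH.stEthPerToken(), with stETH assumed 1:1 with ETH
    oracle.register(CorrelatedTokenOracle("wstETH", "ETH", lambda: 115 * ONE // 100))
    # ERC-4626 share -> asset: vault.convertToAssets(ONE)
    oracle.register(CorrelatedTokenOracle("sFRAX", "FRAX", lambda: 108 * ONE // 100))
    return oracle


def example_prices() -> Dict[str, int]:
    oracle = build_example_oracle()
    return {t: oracle.get_price(t) for t in ("asBNB", "wstETH", "sFRAX")}


if __name__ == "__main__":
    for token, price in example_prices().items():
        print(f"{token}: {price / ONE:.2f} USD")
```

The point to take from the model is where the rate comes from: it is read from the token's own contract rather than from a market price, so the oracle tracks the issuer's accounting of the wrapped asset and inherits whatever trust that contract deserves. A zero rate fails closed instead of valuing collateral at nothing, and the hop limit stops a misconfigured chain from recursing. Decimal scaling, which the real contracts must handle, is deliberately omitted.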
Token converters
Scope: Token converter contracts. These contracts will allow the protocol to convert the income generated to the needed tokens, following the Tokenomics. Enabled in VIP-245 and VIP-248.
Private conversions (optimization to avoid the payment of incentives to third parties when the conversion can be completed internally)
Detailed scope
Pull request #9 in the protocol-reserve repo:
contracts/TokenConverter/AbstractTokenConverter.sol
contracts/TokenConverter/IAbstractTokenConverter.sol
contracts/TokenConverter/RiskFundConverter.sol
contracts/TokenConverter/XVSVaultConverter.sol
contracts/ProtocolReserve/RiskFundStorage.sol
contracts/ProtocolReserve/RiskFundV2.sol
contracts/ProtocolReserve/XVSVaultTreasury.sol
contracts/Utils/Constants.sol
contracts/Utils/Validators.sol
Pull request #35 in the protocol-reserve repo:
contracts/Interfaces/IConverterNetwork.sol
contracts/TokenConverter/AbstractTokenConverter.sol
contracts/TokenConverter/ConverterNetwork.sol
contracts/TokenConverter/IAbstractTokenConverter.sol
contracts/TokenConverter/RiskFundConverter.sol
contracts/TokenConverter/SingleTokenConverter.sol
contracts/Utils/ArrayHelpers.sol
XVS bridge and multichain deployment
Scope: token-bridge repository, with contracts to bridge XVS tokens between BNB Chain and other EVM-compatible networks, like Ethereum. Extends the OFTV2 LayerZero contracts, adding custom security rules. XVS and TokenController contracts, to be used on the destination chains (initially Ethereum mainnet, Arbitrum One, Polygon zkEVM and opBNB). Moreover, the audit scope included a new VTreasuryV8 contract, and changes in the Resilient Oracle and Isolated pools (https://github.com/VenusProtocol/isolated-pools/pull/294) to make them compatible with other networks. Enabled in VIP-232.
Detailed scope
Certik, Quantstamp and Peckshield audited:
token-bridge repository
Branch: develop
Last commit: 91b640fffb0c374bdb63a0f6e8e756793e892ad6
List of files in the scope:
contracts/Bridge/BaseXVSProxyOFT.sol
contracts/Bridge/XVSBridgeAdmin.sol
contracts/Bridge/XVSProxyOFTDest.sol
contracts/Bridge/XVSProxyOFTSrc.sol
contracts/Bridge/token/TokenController.sol
contracts/Bridge/token/XVS.sol
contracts/Bridge/interfaces/IXVSProxyOFT.sol
contracts/Bridge/interfaces/IXVS.sol
Moreover, Peckshield audited this:
https://github.com/VenusProtocol/venus-protocol/pull/345
This is the treasury contract used in the different networks.
Inspired by the VTreasury contract deployed to BNB Chain (Solidity 0.5.16).
Main change: adapted to Solidity 0.8.20.
Last commit: 0a058575a48b3b1d55cf257f2ade768b749f0fc6
Resilient Oracles change
https://github.com/VenusProtocol/oracle/pull/124
Rename variables related to the native token on each chain and the VAI token
Last commit: a0a36bcd94e5acd41e137e3cef711484f86eb397
Apart from the previous scopes, Quantstamp also audited:
Isolated pools change
https://github.com/VenusProtocol/isolated-pools/pull/294
Convert into immutable the number of blocks per year, so it can be configured per chain during the deployment
Last commit: 5e660bffec987b3d31aba3f11b5c4e35f689f646
XVSVault
Last commit: a158f8c335d0cfad71f1d2c27af6b0d92f4abe41
Protocol Share Reserve
Last commit: e396119c4442b7811fbeb14ad0851afec1a9d0fa
Access Control Manager
Last commit: 358bed476af7d7d871bf59e77c9daba22a7c2339
Venus Prime
Scope: Prime and PrimeLiquidityProvider contracts, to manage the eligibility of Prime tokens and the rewards distributions.
Enabled in VIP-201, VIP-202, VIP-203, VIP-206 and VIP-210. Updated in VIP-225.
Certik audit report (2023/12/19) - Venus Prime update
Allow mint VAI only to Prime holder
Support for Isolated pools
Support for networks without a constant block rate (for example, Arbitrum)
Detailed scope
Pull request #196 in the core pool repo.
Prime feature:
contracts/Tokens/Prime/IPrime.sol
contracts/Tokens/Prime/Prime.sol
contracts/Tokens/Prime/PrimeStorage.sol
contracts/Tokens/Prime/PrimeLiquidityProvider.sol
Comptroller integration:
contracts/Comptroller/ComptrollerStorage.sol
contracts/Comptroller/Diamond/facets/PolicyFacet.sol
contracts/Comptroller/Diamond/facets/SetterFacet.sol
XVSVault integration:
contracts/XVSVault/XVSVault.sol
contracts/XVSVault/XVSVaultStorage.sol
Libs:
contracts/Tokens/Prime/libs/Scores.sol
contracts/Tokens/Prime/libs/FixedMath.sol
contracts/Tokens/Prime/libs/FixedMath0x.sol
Venus Prime update. Enabled in VIP-225.
Pull request #407
contracts/Tokens/Prime/IPrime.sol
contracts/Tokens/Prime/Interfaces/IPrime.sol
contracts/Tokens/Prime/Prime.sol
contracts/Tokens/Prime/PrimeLiquidityProvider.sol
contracts/Tokens/Prime/PrimeStorage.sol
contracts/Utils/TimeManager.sol
contracts/Tokens/VAI/VAIController.sol
contracts/Tokens/VAI/VAIControllerStorage.sol
Pull request #327
contracts/Comptroller.sol
contracts/ComptrollerStorage.sol
contracts/VToken.sol
Automatic income allocation
Scope: Changes in the VToken contracts of the Core and IL pools (including the VBNB market), to send automatically the interest reserves to the new ProtocolShareReserve contract, where configured rules will distribute the income following the tokenomics of the project. Enabled in VIP-189, VIP-192, VIP-193 and VIP-194.
Detailed scope
Core pool - interest reserves:
Pull request: https://github.com/VenusProtocol/venus-protocol/pull/262
Files:
contracts/Tokens/VTokens/VToken.sol
contracts/Tokens/VTokens/VTokenInterfaces.sol
contracts/Utils/ErrorReporter.sol
Harvesting BNB income:
Pull request: https://github.com/VenusProtocol/venus-protocol/pull/289
Files:
contracts/Admin/VBNBAdmin.sol
contracts/Admin/VBNBAdminStorage.sol
Isolated pools - Liquidations & interest reserves:
Pull request: https://github.com/VenusProtocol/isolated-pools/pull/207
Files:
contracts/VToken.sol
contracts/VTokenInterfaces.sol
Distribute the collected income - ProtocolShareReserve contract
Branch: develop in the repo https://github.com/VenusProtocol/protocol-reserve
Last commit to consider: dfb653d2e3fe163a248bbd9f8951cd6b96b06390
Files:
contracts/ProtocolReserve/ProtocolShareReserve.sol
contracts/Interfaces/IIncomeDestination.sol
contracts/Interfaces/IPrime.sol
contracts/Interfaces/IProtocolShareReserve.sol
contracts/Interfaces/IVToken.sol
contracts/Interfaces/ComptrollerInterface.sol
contracts/Interfaces/PoolRegistryInterface.sol
Diamond Comptroller
Scope: Upgrade of the Comptroller contract in the Core pool, implementing the Diamond pattern. Enabled in the VIP-174.
Detailed scope
Code to be audited: https://github.com/VenusProtocol/venus-protocol/pull/224
Last commit: 331394866b0b78ea3b65efe03931acd582d0382e
Files in the scope of the audit:
contracts/Comptroller/ComptrollerStorage.sol
contracts/Comptroller/Diamond/Diamond.sol
contracts/Comptroller/Diamond/facets/FacetBase.sol
contracts/Comptroller/Diamond/facets/MarketFacet.sol
contracts/Comptroller/Diamond/facets/PolicyFacet.sol
contracts/Comptroller/Diamond/facets/RewardFacet.sol
contracts/Comptroller/Diamond/facets/SetterFacet.sol
contracts/Comptroller/Diamond/facets/XVSRewardsHelper.sol
contracts/Comptroller/Diamond/interfaces/IDiamondCut.sol
contracts/Comptroller/Diamond/interfaces/IMarketFacet.sol
contracts/Comptroller/Diamond/interfaces/IPolicyFacet.sol
contracts/Comptroller/Diamond/interfaces/IRewardFacet.sol
contracts/Comptroller/Diamond/interfaces/ISetterFacet.sol
contracts/Lens/ComptrollerLens.sol
contracts/Lens/SnapshotLens.sol
BUSDLiquidator
Scope: Contract to forcibly liquidate BUSD positions after enabling the "forced liquidations" feature in the BUSD market, in VIP-191.
Detailed scope
Code to be audited: https://github.com/VenusProtocol/venus-protocol/pull/362 Last commit: 592b022723740c6b7b066445f407f12253d85637
Forced liquidations in the Isolated pools
Scope: Upgrade of the Comptroller contract in the Isolated pools, adding the "forced liquidations" feature, enabled on VIP-186
Forced liquidations in the Core pool
Scope: Upgrade of the Comptroller contract in the Core pool, adding the "forced liquidations" feature, enabled on VIP-172
RiskFund and Shortfall handling
Scope: RiskFund, Shortfall and ProtocolShareReserve contracts in the isolated-pools repo, enabled on VIP-170
These contracts were in the scope of the audits done before the launch of Isolated Pools in VIP-134. Some upgrades were made to these contracts, and a new round of audits was done focused on these changes.
Peg Stability Module (PSM)
Scope: Peg Stability Module contract for VAI/USDT, enabled on VIP-157
Oracles upgrade (2023/07/24)
Scope: Upgrade of the Resilient Price Feeds, enabled on VIP-145.
Oracles
Scope: New Resilient Price Feeds, enabled on VIP-123.
HashEx vulnerability report - 2024/02/01. No risk, because the TWAP oracle is not used at all by the Venus Protocol. The TwapOracle is removed from the repository to avoid any confusion.
Vaults
Scope: Upgrade of the XVSVault, VAIVault and VRTVault, enabled on VIP-127.
Isolated pools
Scope: Isolated pools, first enabled on VIP-134.
Automatic Income Allocation in the Liquidator contract
Scope: Integration of the Automatic Income Allocation into the Liquidator contract used in the Core pool on BNB chain.
Detailed scope
Pull request #241 in the venus-protocol repo:
contracts/Liquidator/Liquidator.sol
contracts/Liquidator/LiquidatorStorage.sol
Swap router
Scope: SwapRouter contract, enabled on VIP-131.
VToken
Scope: Delegate Borrowing in Venus. Upgrade of BUSD, USDC, USDT, BTCB and ETH markets, to reduce the risks on Venus that resulted from the September 2022 BNB Bridge incident. Executed on VIP-99.