Migration Contracts Security Audit

Audit Report Revisions

Audit Overview

We were tasked with performing an audit of the Arcade Protocol codebase and in particular their V2-to-V3 loan rollover systems.

Over the course of the audit, we identified a significant vulnerability in the way flash-loans are consumed by the rollover systems which render the underlying collateral of the loans as well as the principal approvals of the borrowers at risk.

We advise the Arcade Protocol team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.

Post-Audit Conclusion

The Arcade Protocol team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.

We evaluated all alleviations performed by Arcade Protocol and have identified that all exhibits have been adequately dealt with no outstanding issues remaining in the report.

Contracts Assessed

Audit Synopsis

Severity	Identified	Alleviated	Partially Alleviated	Acknowledged
	2	2	0	0
	7	7	0	0
	1	1	0	0
	3	3	0	0
	2	2	0	0

During the audit, we filtered and validated a total of 5 findings utilizing static analysis tools as well as identified a total of 10 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

• 💻 Compilation
• 🔍 Static Analysis
• 👁️ Manual Review
• 🖋️ Code Style