Omniscia Convex Finance Due Diligence

Convex Finance Due Diligence Report

We were tasked with performing a due diligence report on the Convex Finance protocol implementation, assessing their market fitness, overall security as well as potentially harmful centralization aspects.

Over the course of the engagement we were able to pinpoint certain potentially incorrect logic paths in the way the functions of the contracts can be executed as well as several optimizations that can be applied to the codebase.

Contract NameDeployment AddressRepository (Indicative)
Booster0xF403..AE31convex-eth:8a9e68d
VoterProxy0x989A..AD80convex-eth:8a9e68d
Cvx0x4e3F..9D2Bconvex-eth:8a9e68d
cCrv0x62B9..0Aa7convex-eth:8a9e68d
CrvDepositor0x8014..86Aeconvex-eth:8a9e68d
RewardFactory0xEdCC..aa8Dconvex-eth:8a9e68d
TokenFactory0x3c99..7aB9convex-eth:8a9e68d
StashFactory0x8772..de75convex-eth:8a9e68d
cvxRewardPool0xCF50..9332convex-eth:8a9e68d
BaseRewardPool0x3Fe6..587econvex-eth:8a9e68d
PoolManager0x3b2D..5a9Cconvex-eth:8a9e68d
ArbitartorVault0x25E1..1616convex-eth:8a9e68d
ConvexMasterChef0x5F46..0605convex-eth:8a9e68d
VestedEscrow0xe989..8fCCconvex-eth:8a9e68d
MerkleAirdropFactory0xa1Bc..2991convex-eth:8a9e68d
MerkleAirdrop0x2E08..AcCdconvex-eth:8a9e68d
ClaimZap0x4890..6fa2convex-eth:8a9e68d
SushiSwap LP (CVX/ETH)0x0576..E906sushiswap:a54cd56
SushiSwap LP (cvxCRV/CRV)0x33F6..4007sushiswap:a54cd56
Convex Multisig (GnosisSafe v1.1.1)0xa3C5..e2FBsafe-contracts:2df0b2e
Convex Finance Deployer (EOA)0x947B..0277N/A
TreasuryFunds0x1389..1bb7convex-eth:8a9e68d

During the engagement, we performed a white-box analysis of the Convex protocol by directly analyzing the deployed contracts, we digested all publicly available resources with regards to the technical specification of the project such as audit reports and we ultimately scrutinized the tokenomic model of the system to identify potential pitfalls in its design that could be harmful in both the long and short term.

The list below covers each chapter in depth and links to the respective segment of the report:

Next

Project DevOps