Manual Review

A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in Euler Finance's Ethereum Vault Connector.

As the project at hand implements a special-purpose interaction router and framework, intricate care was put into ensuring that the execution flows within the system conforms to the specifications and restrictions laid forth within the protocol's specification.

We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed two discrepancies within the system in relation to its specification which we advise the Euler Finance team to evaluate. More details can be observed in the report's summary as well as in the dedicated findings of each discrepancy.

Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to an exemplary extent, containing comprehensive in-line documentation, a whitepaper, as well as a technical specification document.

A total of 21 findings were identified over the course of the manual review of which 9 findings concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.

The finding table below enumerates all these security / behavioural findings:

ID	Severity	Addressed	Title
EVC-01M			Inexistent Prevention of Modifier Misuse
EVR-01M			Ambiguous Specification Invariant (31)
EVR-02M			Documentation Discrepancy of Security Flags
EVR-03M			Potentially Illegible Revert Error
EVR-04M			Potentially Insecure Acceptance of Funds
EVR-05M			Potentially Restrictive Push Pattern
EVR-06M			Undocumented Operator Restriction
EVR-07M			Arbitrary Consumption of Permit Operations
EVR-08M			Invalidation of Specification Invariant (27)