Governance System Security Audit

Audit Report Revisions

Audit Overview

We were tasked with performing an audit of the Pareto codebase and in particular their Governance System module.

The contracts are composed of voting power querying adapters, governance contracts, and a simplistic vesting implementation.

For the purposes of this audit, we assumed that the ve8020 moniker was utilized to refer to Balancer's 80/20 voting escrow system or an implementation thereof.

Over the course of the audit, we identified a significant flaw in one of the voting adapters that would result in retroactive voting power manipulations in addition to other issues in the codebase.

We advise the Pareto team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.

Post-Audit Conclusion

The Pareto team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.

We evaluated all alleviations performed by Pareto and have confirmed that all exhibits have either been safely acknowledged or adequately alleviated.

We consider all outputs of the audit report properly consumed by the Pareto team with no outstanding remediative actions remaining.

Audit Synopsis

Severity	Identified	Alleviated	Partially Alleviated	Acknowledged
	0	0	0	0
	8	3	0	5
	3	0	0	3
	3	3	0	0
	0	0	0	0

During the audit, we filtered and validated a total of 4 findings utilizing static analysis tools as well as identified a total of 10 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.

Total Alleviations

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

• 🎯 Scope
• 💻 Compilation
• 🔍 Static Analysis
• 👁️ Manual Review
• 🖋️ Code Style