Last updated
Last updated
We prioritize user and partner safety by being transparent about changes and security audits. Viridian Exchange is based on Velodrome Finance, which was adapted from Solidly by Andre Cronje's team in March 2022. Despite audits, some risks remain.
Solidly had a partial security audit in January 2022 by PeckShield, finding 5 low-severity and 1 informal issue.
Velodrome Finance was reviewed during a Code4rena bug bounty contest and underwent a full MythX deep scan, finding only low-severity false positives. The Code4rena results were published on August 8, 2022 and can be accessed here. All major issues were fixed except one: users could claim rewards from ExternalBribe contracts multiple times, which is being resolved with a wrapped contract.
This issue doesn't risk user funds. Protocols planning to deposit external bribes should contact the core team for solutions. More details on Velodrome's C4 contest are available here.
We decided not to do a second audit on the Velodrome Finance contracts. Since we're using their hard-forked contracts, there's no need to spend funds on another audit. The protocol has run smoothly for 1.5 years without any security issues.
Instead, we're using the audit funds to enhance our platform and develop new DeFi features. However, we did get an audit from Verichains for extra security. You can find it here.