Objective: Audit all deployed Compound contracts that impact the security of governance proposals. Use this as a baseline to build internal knowledge of the Compound protocol for future proposal audits as well as security advisory and monitoring recommendations.
Date: 1-13-22
All contracts that makeup the core Compound protocol deployed on Ethereum mainnet with the exception of files covered in the cToken refactor.
- Repo: https://github.com/compound-finance/compound-protocol
- Branch: master
- Commit: https://github.com/compound-finance/compound-protocol/commit/4a8648ec0364d24c4ecfc7d6cae254f55030d65f
Currently deployed contracts (confirm they match the codebase versions):
Output from the code counter
Unitroller.sol Comptroller.sol CarefulMath.sol Exponential.sol ./Governance/Comp.sol InterestRateModel.sol PriceOracle.sol ./Governance/GovernorBravoDelegate.sol ./Governance/GovernorBravoInterfaces.sol ./Governance/GovernorBravoDelegator.sol Timelock.sol
───────────────────────────────────────────────────────────────────────────────
Language Files Lines Blanks Comments Code Complexity
───────────────────────────────────────────────────────────────────────────────
Solidity 11 3048 539 942 1567 350
───────────────────────────────────────────────────────────────────────────────
Comptroller.sol 1467 246 487 734 180
Governance/GovernorBravoDelegate.sol 432 63 131 238 75
Governance/Comp.sol 301 52 80 169 32
Governance/GovernorBravoInterfaces.sol 196 53 59 84 0
Exponential.sol 183 27 64 92 23
Unitroller.sol 148 33 51 64 13
Timelock.sol 111 31 2 78 10
CarefulMath.sol 85 13 24 48 13
Governance/GovernorBravoDelegator.sol 79 14 17 48 4
InterestRateModel.sol 30 4 20 6 0
PriceOracle.sol 16 3 7 6 0
───────────────────────────────────────────────────────────────────────────────
Total 11 3048 539 942 1567 350
───────────────────────────────────────────────────────────────────────────────
A refactor of the CToken contracts that is currently pending as a goverernance proposal. We can audit this in liu of the existing deployed contracts.
- PR: compound-finance/compound-protocol#152
- Repo: https://github.com/equilibria-xyz/compound-protocol
- Branch: rfp12-ctoken-cleanup
- Commit: https://github.com/equilibria-xyz/compound-protocol/commit/01948c6a2075b35e6953984c41356ad2fc884d98
Currently deployed contracts (will be used for new implmentation in proxy upgrade):
CErc20.sol CErc20Delegate.sol CToken.sol CTokenInterfaces.sol ComptrollerInterface.sol EIP20Interface.sol EIP20NonStandardInterface.sol ErrorReporter.sol ExponentialNoError.sol InterestRateModel.sol
───────────────────────────────────────────────────────────────────────────────
Language Files Lines Blanks Comments Code Complexity
───────────────────────────────────────────────────────────────────────────────
Solidity 10 2307 365 944 998 131
───────────────────────────────────────────────────────────────────────────────
CToken.sol 1200 186 532 482 121
CTokenInterfaces.sol 293 61 134 98 0
CErc20.sol 226 22 100 104 5
ExponentialNoError.sol 171 33 31 107 1
ErrorReporter.sol 137 22 11 104 0
ComptrollerInterface.sol 72 13 5 54 0
EIP20NonStandardInterface.sol 71 10 50 11 0
EIP20Interface.sol 63 8 41 14 0
CErc20Delegate.sol 44 7 19 18 4
InterestRateModel.sol 30 3 21 6 0
───────────────────────────────────────────────────────────────────────────────
Total 10 2307 365 944 998 131
───────────────────────────────────────────────────────────────────────────────