Audits

This section describes the audits conducted for ZeroLend.


Last updated 4 months ago


ZeroLend is a dynamic lending protocol that closely resembles Aave V3. It was developed as a fork from the original Aave protocol. As a result, ZeroLend inherits the battle-tested and audited smart contract codebase from Aave V3.

Since ZeroLend doesn't introduce any changes or modifications to the existing code, it benefits from the extensive audits conducted on Aave V3. This strong foundation ensures the security and reliability of ZeroLend's protocol, providing users with a trusted and proven lending platform without the need for additional audits.

The ZeroLend team has further taken steps to secure the protocol by conducting external audits with reputed third-party auditors Mundus.dev and Peckshield.

External Audit by Mundus.dev

Mundus conducted a comprehensive audit for ZeroLend, which included analyzing deployed smart contracts, Git repos, and contract storage.

Here's a summary of findings in the Mundus audit:

  • There are no issues concerning the consistency among the codebase of verified contracts on ZeroLend.

  • The forked repositories do not contain any changes to the Aave codebase that would compromise the protocol's security.

  • The contents of the contracts in SoW, which are unverified by the zkSync Era explorer, have been identified and are safe to use.

  • All verified contracts have a consistent codebase.

  • All verified contracts use consistent versions of respective dependencies.

  • The ZeroLend codebase contains no changes that undermine the security of logic provided by Aave.

Visit our GitHub page to read the Mundus audit report in detail: https://github.com/zerolend/audits/blob/main/mundus/zerolend_report_depcheck_final.pdf

External Audit by Peckshield

Peckshield conducted an in-depth audit for ZeroLend. It analyzed coding bugs, executed semantic checks, and performed advanced DeFi scrutiny (including Oracle security, business logic, and escrow).

In our audit, Peckshield highlighted 8 medium- to low-severity issues: Medium (2), Low (5), and Informational (1).

Peckshield concluded that ZeroLend smart contracts are well-designed and engineered, though resolving the identified issues can improve their implementation.

Please note that the identified issues were promptly confirmed and addressed.

Read ZeroLend's Peckshield Audit report on our GitHub page:

Existing Audits from Aave

By leveraging the well-established codebase of Aave V3, ZeroLend can focus on delivering a seamless and user-friendly experience while upholding the highest standards of safety in the DeFi space.

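The audits conducted on Aave V3 are listed here:

| Auditor Report | Audit Type | Date |
|---|---|---|
| ABDK | Smart Contract | 01-27-2022 |
| SigmaPrime | Smart Contract | 01-27-2022 |
| Certora | Formal Verification | 11-12-2021 - 01-24-2022 |
| Peckshield | Smart Contract | 01-14-2022 |
| Trail of Bits | Smart Contract | 01-07-2022 |
| OpenZeppelin | Smart Contract | 01-11-2021 |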

External Audits from Halborn Security

Scope & Methodology

  • Comprehensive Code Review: Halborn conducted a thorough audit of ZeroLend’s smart contracts, focusing on potential attack vectors and logic flaws.

  • Layer-2 & Multi-Chain Expertise: The engagement included specialized consulting on multi-chain integrations and L2-specific security considerations.

  • Ongoing Support: Halborn utilized a Security-as-a-Service (SAaaS) model, providing live assistance and detailed guidance throughout the process.

Key Findings & Outcomes

  • Logic Flaw Prevention: A critical flaw in ZeroLend’s staking contract was identified and rectified before any exploitation could occur.

  • Enhanced Security Awareness: Halborn provided comprehensive security training, boosting internal best practices and cultivating a security-first culture.

  • Future-Proofing: Their proactive approach mitigated not only current vulnerabilities but also potential future threats as ZeroLend grows.

Read the Case Study

External Audits from Zokyo

Scope & Highlights

  • Comprehensive Coverage: Zokyo achieved 100% testable code coverage, surpassing industry standards.

  • Zero Critical or High Vulnerabilities: The audit found no issues classified as critical or high, underscoring the platform’s reliability.

  • Actionable Recommendations: Zokyo provided a set of recommendations to enhance ZeroLend’s security posture, all of which are being implemented.

Key Takeaways

  • Reinforced Code Integrity: Passing the Zokyo audit with zero critical findings confirms ZeroLend’s core functionality is secure.

  • Continuous Improvement: Implementation of recommended improvements ensures that our protocol evolves alongside emerging threats.

  • Public Transparency: A summary of the audit is available for community review, reflecting our commitment to openness.

Read the report:

Bug Bounty Contests

ZeroLend also organized bug bounty contests in collaboration with the leading bug bounty platforms. These contests invite white-hat security analysts to dive deep into our codebase to find vulnerabilities.

We hosted bug bounty competitions on Cantina and Immunefi with a combined reward pool of nearly $300,000.

Following the report, all ownership of the protocol has been moved into a Timelock contract and Multisig wallet.

ZeroLend engaged Halborn, a specialized blockchain security firm, to address two primary challenges: securing our smart contracts from potential vulnerabilities and managing the complexity of a multi-chain, Layer-2 environment.

ZeroLend partnered with Zokyo Security to perform an in-depth assessment of our smart contracts. This audit further validated the robustness of our code and identified areas to strengthen.

Cantina Bug Bounty: https://twitter.com/cantinaxyz/status/1743332737074020704

Immunefi Bug Bounty: https://twitter.com/zerolendxyz/status/1761072126776488023
