Audits
This section explains about the audits done for ZeroLend
ZeroLend is a dynamic lending protocol that closely resembles Aave V3. It was developed as a fork from the original Aave protocol. As a result, ZeroLend inherits the battle-tested and audited smart contract codebase from Aave V3.
Since ZeroLend doesn't introduce any changes or modifications to the existing code, it benefits from the extensive audits conducted on Aave V3. This strong foundation ensures the security and reliability of ZeroLend's protocol, providing users with a trusted and proven lending platform without the need for additional audits.
The ZeroLend team has further taken steps to secure the protocol by conducting external audits with reputed third-party auditors Mundus.dev and Peckshield.
External Audit by Mundus. dev
Mundus conducted a comprehensive audit for ZeroLend, which included analyzing deployed smart contracts, Git repos, and contract storage.
Here's a summary of findings in the Mundus audit:
There are no issues concerning the consistency among the codebase of verified contracts on ZeroLend.
The forked repositories do not contain any changes to the Aave codebase that would compromise the protocol's security.
The contents of the contracts in SoW, which are unverified by the zkSync Era explorer, have been identified and are safe to use.
All verified contracts have a consistent codebase.
All verified contracts use consistent versions of respective dependencies.
The ZeroLend codebase contains no changes that undermine the security of logic provided by Aave.
Visit our GitHub page to read the Mundus audit report in detail:
Following the report, all ownership of the protocol has been moved into a Timelock contract and Multisig wallet.
External Audit by Peckshield
Peckshield conducted an in-depth audit for ZeroLend. It analyzed coding bugs, executed semantic checks, and performed advanced DeFi scrutiny (including Oracle security, business logic, and escrow).
In our audit, Peckshield highlighted 8 medium—to low-severity issues: medium (2), Low (5), and Informational (1).
Peckshield concluded that ZeroLend smart contracts are well-designed and engineered, though resolving the identified issues can improve their implementation.
Please note that those identified issues are promptly confirmed and addressed.
Read ZeroLend's Peckshield Audit report on our GitHub page:
Existing Audits from Aave
By leveraging the well-established codebase of Aave V3, ZeroLend can focus on delivering a seamless and user-friendly experience while upholding the highest standards of safety in the DeFi space.
You can find a list of audits done over here:
Auditor Report | Audit Type | Date |
---|---|---|
Smart Contract | 01-27-2022 | |
Smart Contract | 01-27-2022 | |
Formal Verification | 11-12-2021 - 01-24-2022 | |
Smart Contract | 01-14-2022 | |
Smart Contract | 01-07-2022 | |
Smart Contract | 01-11-2021 |
Bug Bounty Contests
ZeroLend also organized bug bounty contests in collaboration with the leading bug bounty platforms. These contests invite white-hat security analysts to dive deep into our codebase to find vulnerabilities.
We hosted bug bounty competitions on Cantina and Immunefi with a combined reward pool of nearly $300,000.
Cantina Bug Bounty: https://twitter.com/cantinaxyz/status/1743332737074020704
Immunefi Bug Bounty: https://twitter.com/zerolendxyz/status/1761072126776488023
Last updated