# Audits

* C4 audit: <https://code4rena.com/reports/2025-04-bitvault>
* Chain Defenders Audit: <https://github.com/Chain-Defenders/portfolio>

## VaultCraft Audits

### Paladin <a href="#paladin" id="paladin"></a>

* [20240616\_Paladin\_VaultCraft\_Final\_Report.pdf](https://384295866-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FDCUWGERi18R9emmxWwO2%2Fuploads%2FUTItaeo9bDLr48XB5CFT%2F20240616_Paladin_VaultCraft_Final_Report.pdf?alt=media\&token=6a048b88-4355-489e-aeec-dfff319072e1)

### gjaldon <a href="#gjaldon" id="gjaldon"></a>

* Multi-strategy audit: <https://gist.github.com/gjaldon/f3d1e2410f6e52370c8f19e72b98ea5c>

### **Code4rena**

* [Contest details & results](https://code4rena.com/contests/2023-01-popcorn-contest)
* [The Ones in the Arena: PopcornDAO](https://medium.com/code4rena/the-ones-in-the-arena-popcorn-dao-af45db3793b8) (blog post by C4)
* [Github repo](https://github.com/code-423n4/2023-01-popcorn)

### **BlockSec**

* [blocksec\_popcorn\_v1.0-signed.pdf](https://384295866-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FDCUWGERi18R9emmxWwO2%2Fuploads%2FgF4N9JVFD9kYVbxfqUOJ%2Fblocksec_popcorn_v1.0-signed.pdf?alt=media\&token=452a1fd8-84e6-4131-badc-4cfbe2d4584e)

### **Salus Security**

* [ML rapid detection smart contract coverage](https://docs.google.com/spreadsheets/d/199NqAJW0HqGwGO_l11GWZqYGRlfsCmbRW6mJr3lq36M/edit?usp=sharing)

### **0xRuhum - C4 white hat audit**

* [Popcorn Audit](https://gist.github.com/0xruhum/4252cee7e84da6bb5b0a19ed00b5e34e)

### **Zokyo**

* [Smart Contract Audit](https://938792658-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FDCUWGERi18R9emmxWwO2%2Fuploads%2FmBWIydyZzVeNBuK3u5an%2FZokyo%20Audit.pdf?alt=media\&token=2b1014dc-cf57-4130-a0ad-1b3721419ebe)

### **G0 Group**

* [Security Review](https://938792658-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FDCUWGERi18R9emmxWwO2%2Fuploads%2F0NB6k44GVu1IW2B2mOcG%2FPopcornMay2022.pdf?alt=media\&token=4e851e48-0df7-4e3c-b165-8217838ca043)

## Liquity V2 Audits

* [ChainSecurity - Core Protocol Audit Report](https://www.chainsecurity.com/security-audit/liquity-bold-smart-contracts), December 2024
* [Dedaub - Core Protocol Audit Report I](https://dedaub.com/audits/liquity/liquity-v2-aug-28-2024/), August 2024
* [Dedaub - Core Protocol Audit Report II](https://dedaub.com/audits/liquity/liquity-v2-second-audit-nov-11-2024/), November 2024
* [Certora - Formal Verification](https://certora.cdn.prismic.io/certora/Z1tLJJbqstJ98b8J_LiquityVerificationReport.pdf), December 2024
* [Coinspect - Bold Core Smart Contract Audit](https://www.coinspect.com/doc/Coinspect%20-%20Smart%20Contract%20Audit%20-%20Liquity%20-%20Bold%20-%20v241231.pdf), December 2024
* [Coinspect - Bold Governance Audit](https://www.coinspect.com/doc/Coinspect%20-%20Smart%20Contract%20Audit%20-%20Liquity%20-%20Bold%20Governance%20-%20v250120.pdf), January 2025
* [ChainSecurity - Governance Smart Contract Audit](https://www.chainsecurity.com/security-audit/liquity-v2-governance), January 2025
* [Dedaub - Governance Audit 1](https://dedaub.com/audits/liquity/liquity-v2-governance-1st-audit-aug-12-2024/), August 2024
* [Dedaub - Governance Audit 2](https://dedaub.com/audits/liquity/liquity-v2-governance-2nd-audit-nov-11-2024/), November 2024
* [Dedaub - Governance Audit 3](https://dedaub.com/audits/liquity/liquity-v2-governance-3rd-audit-dec-22-2024/), January 2025
* [Recon - Liquity Security Review](https://github.com/GalloDaSballo/bold-review), October 2024

### Liquity V2 Updates as of May 19, 2025

**Pull Request** [**889**](https://github.com/liquity/bold/pull/889): this fix removes the collateral compensation parameter in order to reduce the incentive that an attacker might have to trigger liquidation via redistributions of collateral instead of via the stability pool.

In BitVault's setup, opening a trove and borrowing bvUSD will be subject to whitelisting, and allowed parties will have to keep a high Collateralization Ratio (> 150%), thus reducing the probability of any liquidation events occurring at all.

Furthermore, whitelisting is applied to liquidations as well, so we really don’t see this as an attack surface, given liquidations will be carried out by known partners that don’t intend to manipulate the system for profit.

**Pull Request** [**890**](https://github.com/liquity/bold/pull/890/files#diff-5adf4c8e77b6c6b3386cc4f4ea10b2fa143de797b6dbb75316c5cabdef910328) **&** [**893**](https://github.com/liquity/bold/pull/893)**: access control for addManager/removeManagers.**

This fix introduces a shortcut in how managers (entities that can perform operations on behalf of a trove owner) are set. Specifically, a removeManager (an entity that can withdraw collateral/debt from the position) is now automatically assumed to be an addManager (an entity that can add collateral/repay debt) as well.

This is purely a QOL update: previously, you would need to explicitly set both add and remove managers, with no difference in behavior.

**Pull Request** [**891**](https://github.com/liquity/bold/pull/891) - this fix allows all troves in a branch to be closed. Previously that wasn’t possible, as at least 1 trove was supposed to always stay open in a branch.

This isn’t really an issue as it can be easily mitigated by having one position with minimal debt/collateral open to allow bigger branches to get closed.

**Pull Request** [**895**](https://github.com/liquity/bold/pull/895) - this fix adds msg.sender to the owner and ownerIndex params in the hashing function that determines the position's troveId.

As Liquity stated, this is purely informational and not a bug, as a check for colliding troveId when opening a trove existed already, so there is no risk of overwriting open positions.


