Certik performed the audit of Tetu's new products, TetuSwap and Pawnshop. With this audit, Tetu continues to reinforce its commitment to prioritizing safety.
Tetu is eligible for all Certik recommendations and 62% of the 13 findings have been resolved.
Although all 3 major findings show the status of Unresolved in the audit report, all major findings are protected by a 48h time lock and the weakness of single point of failure is avoided through a multi signature wallet.
You can access the Certik audit:
TETU - CertiK Security Leaderboard
Security Review by DeFi Safety
Rex from DeFI Safety performed a safety review on Tetu. The end result of this safety review was an 87% score, a pass is 70%. The security review evaluated code, team, documentation, testing, security and access controls.
You can check out the DeFi Safety security review:
Tetu Finance Process Quality Review
Tetu was audited by PeckShield, Tetu's second audit, and no high risk issues were found. All issues were addressed by the team. PeckShield's conclusion was as follows:
"In this audit, we have analyzed the Tetu protocol design and implementation. Tetu is a decentralized yield aggregator that allows users to deposit into a decentralized liquidity platform and earn rewards in return. During the audit, we notice that the current code base is well organized and those identified issues are promptly confirmed and fixed. Meanwhile, we need to emphasize that smart contracts as a whole are still in an early, but exciting stage of development."
You can access the PeckShield audit:
Tetu PeckShield Security audit
Tetu was audited by DeFiYield. Most of critical issues were solved and DeFiYield's conclusion was as follows:
"The audited contracts are the main part of the Tetu.io ecosystem. Contracts are well written and commented with good readability. The Tetu team did a lot of work to remove all previously found vulnerabilities, including critical centralization issues. Timelock with announcement logic was provided for every critical contract change. It’s important to point out that the Controller contract still features certain centralization degree: the functions mintAndDistribute() and controllerTokenMove() enable the contract owner to have control over the protocol’s token distribution, but with the timelock delay. We are confident that any token distribution should be fully decentralized. However, there are no critical issues left, and users have an ability to monitor all announcements related to the token transfers. No suspicious functions were revealed during the auditing."