Certik performed the audit of Tetu's new products, TetuSwap and Pawnshop. With this audit, Tetu continues to reinforce its commitment to prioritizing safety.
Tetu is eligible for all Certik recommendations and 62% of the 13 findings have been resolved.
Although all 3 major findings show the status of Unresolved in the audit report, all major findings are protected by a 48h time lock and the weakness of single point of failure is avoided through a multi signature wallet. You can access the Certik audit:
Tetu was audited by PeckShield, Tetu's second audit, and no high risk issues were found. All issues were addressed by the team. PeckShield's conclusion was as follows:
"In this audit, we have analyzed the Tetu protocol design and implementation. Tetu is a decentralized yield aggregator that allows users to deposit into a decentralized liquidity platform and earn rewards in return. During the audit, we notice that the current code base is well organized and those identified issues are promptly confirmed and fixed. Meanwhile, we need to emphasize that smart contracts as a whole are still in an early, but exciting stage of development." You can access the PeckShield audit:
Tetu PeckShield Security audit
Tetu's new product, Tetu v2, was also audited by PeckShield and found to be secure. According to the auditor:
"Based on Tetu, the audited Tetu v2 introduces some new features, which enables protocol users to participate in governance with veTETU, improves the TetuVault with new deposit/withdraw fees, and introduces new SplitterV2 with auto-rebalance logic adopted to multiple farming strategies, etc. During the audit, we notice that the current code base is well organized and those identified issues are promptly confirmed and fixed. Meanwhile, we need to emphasize that smart contracts as a whole are still in an early, but exciting stage of development."
Tetu was audited by DeFiYield. Most of critical issues were solved and DeFiYield's conclusion was as follows: "The audited contracts are the main part of the Tetu.io ecosystem. Contracts are well written and commented with good readability. The Tetu team did a lot of work to remove all previously found vulnerabilities, including critical centralization issues. Timelock with announcement logic was provided for every critical contract change. It’s important to point out that the Controller contract still features certain centralization degree: the functions mintAndDistribute() and controllerTokenMove() enable the contract owner to have control over the protocol’s token distribution, but with the timelock delay. We are confident that any token distribution should be fully decentralized. However, there are no critical issues left, and users have an ability to monitor all announcements related to the token transfers. No suspicious functions were revealed during the auditing."
You can access the DefiYield audit:
Tetu DeFiYield Security audit