Derivable

We express our gratitude to the Derivable team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Derion is a Perpetual Automated Market Maker (AMM) Protocol that offers infinite liquidity and no liquidation through a continuous compounding position with a novel family of asymptotic power curves.

The system users should acknowledge all the risks summed up in the risks section of the report

The Derivable project audit consists of different parts.

Derivable pool is a liquidity pool of perpetual derivatives for a single leverage. The participants of this system are long traders, short traders, and liquidity providers.

The ERC1155Maturity module implements an ERC1155 token with the additional functionality of adding a soft lock mechanism for newly minted tokens. These tokens gain their full functionality after the maturing time has elapsed.

The Shadow Token module is an extension of ERC-1155 that allows any of its IDs to deploy a Shadow ERC-20 token with its contract address for DeFi composability.

The files in the scope:

• ERC1155Maturity.sol - The ERC1155 modification which allows for the maturing functionality.

• IERC1155Maturity.sol - The interface for ERC1155Maturity.sol

• TimeBalance.sol - The helper library for handling the maturing times of ERC1155Maturity.sol

• MetaProxy.sol - The helper library for deploying shadow ERC20 contracts.

• Shadow.sol - The ERC20 contract that is deployed by individual IDs of ERC1155Maturity tokens.

• ShadowFactory.sol - The extension of ERC1155Maturity.sol which can deploy shadow tokens.

• IERC1155Supply.sol - The interface for returning the totalSupply of ERC1155 tokens.

• IShadowFactory.sol - The interface for the ShadowFactory.sol

• PoolFactory.sol - Factory contract to deploy Derivable pool using ERC-3448.

• PoolLogic.sol - The mathematic and finance logic of Derivable pool.

• PoolBase.sol - The base implementation of Derivable pool.

• Fetcher.sol - Interacts with oracles to obtain prices for swaps.

• Token.sol - A single ERC-1155 token shared by all Derivable pools which is also a ShadowFactory extension.

• Constants.sol - The contract for storing constant values.

• Storage.sol - The contract responsible for some of the variables in PoolBase.sol.

Privileged roles

• Users: Can trade long/short positions, and become liquidity providers.

• Pools: Can mint, burn its specific tokens that are used in the pools. A pool has this functionality on its own tokens only.

• Descriptor Setter: Sets a new descriptor or sets the address for ITokenDescriptor, which is responsible for storing the metadata of a token.

The total Documentation quality score is 10 out of 10.

• Technical description is partially provided.

The total Code quality score is 10 out of 10.

• The development environment is configured.

Code coverage of the project is 100% (branch coverage).

• Deployment and basic user interactions are covered with tests.

Upon auditing, the code was found to contain 0 critical, 1 high, 3 medium, and 1 low severity issues. Out of these, 5 issues have been addressed and resolved, leading to a Security score of 10 out of 10.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 10. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

The scope of the project includes the following smart contracts from the provided repository:

Contracts in Scope