Paribus

We express our gratitude to the Paribus team for the collaborative engagement that enabled the execution of this Smart Contract Security Assessment.

Paribus is a cross-chain borrowing and lending protocol for NFTs, liquidity positions, and synthetic assets, powered by the Cardano blockchain.

The system users should acknowledge all the risks summed up in the risks section of the report

The Paribus Protocol is an Ethereum smart contract for supplying or borrowing assets. Through the pToken contracts, accounts on the blockchain supply capital (Ether or ERC-20 tokens) to receive pTokens or borrow assets from the protocol (holding other assets as collateral). The Paribus pToken contracts track these balances and algorithmically set interest rates for borrowers. The core contracts in the Paribus Protocol:

• PToken, PErc20 and PEther — the Paribus pTokens, self-contained borrowing and lending contracts. PToken contains the core logic, and PErc20 and PEther add public interfaces for Erc20 tokens and Ether, respectively. Each PToken is assigned an interest rate and risk model, and allows accounts to mint (supply capital), redeem (withdraw capital), borrow and repay a borrow. Each PToken is an ERC-20 compliant token where balances represent ownership of the market.

• Comptroller — the risk model contract, which validates permissible user actions and disallows actions if they do not fit certain risk parameters. For instance, the Comptroller enforces that each borrowing user must maintain a sufficient collateral balance across all pTokens.

• Paribus (PBX) — the Paribus Governance Token.

• InterestRateModel — contracts which define interest rate models. These models algorithmically determine interest rates based on the current utilization of a given market (that is, how much of the supplied assets are liquid versus borrowed).

• WhitePaperInterestRateModel — initial interest rate model, as defined in the Whitepaper. This contract accepts a base rate and slope parameter in its constructor.

The total Documentation quality score is 5 out of 10.

• Customer provided superficial functional and technical requirements.

The total Code quality score is 7 out of 10.

• Commented code.

• TODO comments.

• Unit tests were provided.

Architecture quality

The architecture quality score is 10 out of 10.

• Follows best practices.

Upon auditing, the code was found to contain 0 critical, 0 high, 2 medium, and 0 low severity issues. Out of these, 1 issues have been addressed and resolved, leading to a Security score of 10 out of 10.

All identified issues are detailed in the “Findings” section of this report.

The comprehensive audit of the customer's smart contract yields an overall score of 9.2. This score reflects the combined evaluation of documentation, code quality, test coverage, and security aspects of the project.

The scope of the project includes the following smart contracts from the provided repository: