Smart Contract Audit

We recently had the opportunity to conduct a comprehensive audit of Velvet Capital‘s core v3 contracts of its latest productVelvet Capital, a leading Intent OS streamlining DeFi portfolio management & social trading, backed by Binance Labs, has developed an innovative solution to address key challenges in the DeFi space. Our audit aimed to ensure the security and efficiency of their smart contracts, supporting Velvet Capital’s mission to revolutionize on-chain fund management. 

softstack smart contract audit report on velvet capital

Client

Velvet Capital

Project

Solidity Smart Contracts

Industry 

DeFi

Service

Smart Contract Auditing

Velvet Capital stands out in the DeFi landscape with its comprehensive suite of tools designed for both seasoned professionals and DeFi enthusiasts. Their platform facilitates seamless trade execution, yield farming, and strategy automation across multiple blockchain ecosystems. We were particularly impressed by their emphasis on security and efficiency, exemplified by their non-custodial vaults and automated trading strategies. 

Our team at softstack approached this audit with a focus on several critical areas: 

  1. Compliance with Best Practices: We rigorously checked for adherence to smart contract best practices, including safeguards against common vulnerabilities like reentrancy attacks and overflow/underflow issues. 
  2. Effective Role-Based Access Control: Our audit verified the proper assignment and management of roles to ensure only authorized entities could execute privileged functions. 
  3. Secure Token Transfer Functions: We thoroughly evaluated token transfer functions to protect against unauthorized transfers and balance manipulation. 
  4. Accurate Fee Calculation and Charging Mechanisms: Our team validated fee calculation and charging mechanisms to ensure correct implementation and application during deposits and withdrawals.
  5. Correct and Secure Initialization Processes: We verified the secure and correct execution of contract initialization processes. 

Our comprehensive audit, combining manual review and automated analysis, uncovered around 50 issues, categorized by severity. Key findings included: 

High Severity Issues: 

  • Incorrect Parameter Order in Function Call 
  • Incorrect updated At Value Retrieval


Medium Severity Issues

  • Division by Zero in Portfolio Calculations Contract 
  • Incorrect Calculation Due to Mismatched Array Lengths 
  • Division Before Multiplication in Fee Calculations and Portfolio Calculations Contracts 
  • Potential Issue with UUPS Upgradeable in the _upgrade Function 


We also identified multiple low severity and informational issues related to Solidity style guide compliance, missing NatSpec comments, and optimization opportunities.
 

At softstack, we pride ourselves on our thorough approach. Our audit involved: 

  • Line-by-line review of the provided smart contract files 
  • Comparison with specifications 
  • Extensive testing to uncover potential vulnerabilities 
  • Use of advanced automated tools for symbolic execution and test coverage analysis 


We were pleased to see Velvet Capital’s swift response in addressing the identified issues, demonstrating their commitment to maintaining a secure platform.
 

Our audit of Velvet Capital’s Core v3 contracts of their latest product reinforces their dedication to enhancing security and reliability in the DeFi space. By addressing the identified vulnerabilities and adhering to best practices, Velvet Capital has significantly strengthened its platform’s security posture. 

This audit showcases softstack’s expertise in conducting thorough, insightful smart contract audits. Our ability to identify and help resolve complex issues across various severity levels underscores our position as a leading security partner in the Web3 space. 

At softstack, we continue to provide top-tier auditing services for smart contracts across various blockchain platforms. Our expertise in smart contract security, penetration testing, and Web3 infrastructure ensures that your projects are secure and compliant. 

Are you developing a DeFi platform or any blockchain-based application? Don’t leave your security to chance. Contact softstack today to learn how we can help safeguard your blockchain applications and enhance your platform’s security. 

For more information about Velvet Capital, visit: 


For a detailed look at our audit process and findings, check out the complete Smart Contract Audit Report [GitHub].
 

Services we provide

Softstack Case Studies

Click through our success stories and see how we have helped other companies
achieve their Web3 goals.