Quantstamp Audits Curve Finance Liquidity Mining

Quantstamp Announcements
August 18, 2020

Quantstamp is happy to announce that we have finished our audit of Curve Finance’s CRV token reward mechanism and CurveDAO. 

Curve Finance is an Automated Market Maker focused on stable asset swaps. Using bonding curves optimized for stable assets, it minimizes slippage for stablecoin and other stable-pair trades.

“Curve Finance is a cutting edge decentralized exchange that is also exploring the cutting edge of decentralized governance,” noted Richard Ma, CEO of Quantstamp. “We are excited to help them make sure CurveDAO is secure and ready to take them to the next stage.”

“With CRV, we are doing governance token distribution, staking and voting in a new way,” said Michael Egorov, founder of Curve Finance. “Quantstamp worked closely with us to help make sure this new design will work in the field.”

Curve Finance

Launched in January, 2020, Curve’s user adoption has been steady. It currently has over $1B in deposits and processes over $60M of daily volume*.

Users can conduct low-slippage trades on Curve Finance, or provide liquidity to the platform for a portion of trading fees. Through integration with third party DeFi projects such as Yearn Finance, Compound, and Synthetix, liquidity providers also earn extra yield on top of trading fees. This yield comes from lending platform fees and token incentives. 

Liquidity providers can now also claim CRV, the native governance token. 

What is CRV?

CRV is a governance token for CurveDAO, an Aragon DAO that governs the Curve Finance platform. 

Unlike standard on-chain governance systems, Curve’s voting mechanism weights both time and amount staked. Users who lock up their CRV tokens longer have their vote counted more, and so do users who lock up more tokens.

Besides increased voting power, users who lock up their CRV and vote also increase their CRV reward distribution. This incentivizes governance participation.

If you wish to learn how to provide liquidity on Curve to earn CRV, or learn more about the CRV token, the Curve blog has more details. 

CRV Distribution

Curve’s CRV token has a total supply of 3.03 billion, with 62% being distributed through liquidity mining. Users who provide liquidity on Curve Finance will earn a share of these rewards. 

5% of the initial distribution will go to users who have already supplied liquidity on Curve prior to CRV’s launch. The remaining 57% will be distributed going forward. Distribution is decided through the user’s share of the liquidity on Curve, as well as their participation in CurveDAO governance. Curve’s Medium Article has more details on the distribution, staking and voting mechanics of CRV. 

Quantstamp’s audit covered the Vyper smart contracts controlling the token reward mechanism as well as the controller logic used to distribute the tokens. Three engineers, including two PhDs, looked at four Vyper smart contracts: LiquidityGauge, GaugeController, LiquidityGaugeReward, and VestingEscrow from 7-21-2020 through 8-05-2020. Issues found were communicated to Curve, fixes were implemented by them, and we issued the final report.

During the audit, a total of 11 potential issues with varying levels of severity were found: one high-severity, one medium-severity, one low-severity, one undetermined-severity, and seven informational-level findings. Additionally, several best-practice recommendations were made regarding naming, documentation, and other matters. Several of the issues, including all high-risk issues, were addressed by the Curve team.

The full audit report can be found on the CurveDAO site here.

*as of August 18th, 2020, according to Curve.fi statistics

About Curve

Curve is an exchange liquidity pool on Ethereum designed for extremely efficient stablecoin trading, and low risk, supplemental fee income for liquidity providers, without opportunity cost.

Curve allows users and smart contracts like 1inch, ParaSwap, Totle and DEX.AG to trade between DAI and USDC with a bespoke low-slippage, low-fee algorithm designed specifically for stablecoins and earn fees. Behind the scenes, the liquidity pool is also supplied to the Compound protocol or yearn.finance, where it generates even more income for liquidity providers.

About Quantstamp

Quantstamp is a leader in blockchain security, having performed over 140 audits and secured over $5 billion of value. Top crypto and enterprise companies including MakerDAO, Chainlink, eToro, and World Economic Forum choose Quantstamp to secure their blockchain applications. 
