Security
As a commitment towards the safety of our users and partners, we want to be transparent about the changes and the status of the security audits of our smart contracts.
Carthage is a fork of Velodrome Finance which was adapted from Solidly, which codebase was open sourced in full by Andre Cronje and his team in March 2022. Since its release in February on Fantom network, no security incidents related to Solidly smart contracts were reported.
Before moving forward, we'd like to remind to our users that security audits do not eliminate risks completely and that every user should read and agree to our legal disclaimer before using Carthage!
For security reports, please reach out to us on Discord, or to the contacts provided on our Github page.
Audits
Solidly went through a partial (only the AMM part was sent for audit) security audit in January 30, 2022. The audit was done by PeckShield and did reveal 5 low-severity and 1 informal findings.
The full audit is available for download from Solidly git repository.
Velodrome Finance went through a security audit and a peer review as part of the Code4rena bug bouncy contest. A full MythX deep scan on Velodrome contracts found just a handful of false-positive, low-severity issues reported.
The Code4rena contest results were released on August 8, 2022 and are available here.
Lastly, the Velodrome Finance team also engaged with Coelacanth (@ImpossibleNFT) for an informal full audit. Reports from that audit are available here.
Bug Bounty Programs
Velodrome Finance ran a bug bounty contest on 23rd to 30th of May 2022 with awards up to $75,000 on Code4rena. The main scope of the contest was to cover all the new changes to the new and the original contracts.
Solidly's bug bounty program was launched in February 2022 on Immunefi.com. There were no claims for any of the $200,000 rewards (on their Github).
Contract Addresses
| Contract Name | Contract Address | Network |
|---|---|---|
| Carth | 0x | Scroll |
| GaugeFactory | 0x | Scroll |
| BribeFactory | 0x | Scroll |
| WrappedBribeFactory | 0x | Scroll |
| PairFactory | 0x | Scroll |
| Router | 0x | Scroll |
| CarthLibrary | 0x | Scroll |
| VeArtProxy | 0x | Scroll |
| VotingEscrow | 0x | Scroll |
| RewardsDistributor | 0x | Scroll |
| Voter | 0x | Scroll |
| Minter | 0x | Scroll |
| RedemptionReceiver | 0x | Scroll |
| CarthGovernor | 0x | Scroll |
| MerkleClaim | 0x | Scroll |
| RedemptionSender | 0x | Scroll |
All contracts are immutable. The latest public testnet deployment can be found here.
Differences from Velodrome
As of June 2023, we've compiled a list of key differences between Carthage and Velodrome Finances.
Major changes
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Minor changes
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Small changes
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
- Lorem ipsum dolor sit amet. Consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.