Quantstamp is a Y Combinator-backed company that helps to secure blockchain platforms at scale using computer-aided reasoning tools, with a mission to help boost the adoption of this exponentially growing technology.
To date, Quantstamp has protected $5B in digital asset risk from hackers and assisted dozens of blockchain projects globally through its white-glove security assessment services.
Their team has decades of combined experience in formal verification, static analysis, and software verification, and has used this experience to perform a full safety audit of the Curve.fi code.
A team of Quantstamp auditors has independently reviewed the Curve.fi code and documentation and found that it conformed to the provided specification.
The following quote was taken from the full audit report, which can be found here.
During the audit, we found potential issues with varying levels of severity: one high-severity, two medium-severity, six low-severity issues, and seven informational-level findings. The code looks well-structured and concise; however, the PDF documentation may be slightly out-of-date. Additionally, more comments explaining large functions in the implementation are necessary for lowering the difficulty of future maintenance. Finally, we made 12 best practice recommendations which include naming, documentation, and other suggestions.
The Quantstamp audit can be added to the list of independent safety checks that have been performed on the Curve.fi code, including those by Trail of Bits and MixBytes.