Intro
Gamma is a DeFi protocol that provides automated management of concentrated liquidity on supported platforms such as Uniswap and Quickswap. It features the Gamma Vault, a non-custodial contract that can manage a liquidity pool using various Gamma Strategies to maximize profit.
Challenge
In 2022, the Gamma team set out with the goal of evolving from a bleeding-edge liquidity management solution to a battle-tested DeFi primitive. The team created version two of the Gamma protocol, resulting in a significant overhaul of the existing codebase. For a successful launch, and to ensure their users' funds would be safe on the platform, Gamma had to be certain that their new implementation could stand up to attackers.
Solution
A third-party audit presented an opportunity for security experts to evaluate the new implementation and make security recommendations ahead of the v2 launch.
Arbitrary Execution was a strong choice of security partner because of its past experience with the Gamma protocol. The development team had already created monitoring tooling for Gamma with a suite of Forta bots, which reduced auditor spin-up time on the codebase and left researchers with more time to think about novel attacks on the protocol.
Arbitrary Execution security researchers performed an audit of the Gamma v2 code. The Arbitrary Execution audit process included a detailed, manual review of the source code as well as the use of highly customized automated static analysis tools. Multiple engineers analyzed each line of code to ensure the review was thorough.
Results
The engagement successfully uncovered security vulnerabilities. The audit identified 22 issues of varying severity, including 3 high-severity issues that could have resulted in loss of funds for the protocol. After reviewing the audit findings, the Gamma team produced fixes for a majority of the issues in the report, and Arbitrary Execution reviewed the fixes. Each fix was scrutinized to ensure that the core issue was addressed and that no regressions were introduced.
After the audit engagement, the Gamma team successfully launched the second version of the protocol. Gamma has been operating smoothly ever since, and now has over $90 million TVL according to DefiLlama.