Summary

Gamma Strategies hired Arbitrary Execution to perform a code security audit of the Gamma Strategies Hypervisor. This report contains the results of the assessment of the smart contracts that comprise the Gamma Strategies Hypervisor, which acts as a non-custodial, automated, concentrated liquidity manager.

The audit revealed several vulnerabilities in the contracts including 3 high-severity, 2 medium-severity, and 7 low-severity issues. 13 informational notes were also identified. The vulnerability findings encompass a range of critical issues, including concerns such as variable declaration and shadowing. These problems have the potential to introduce incorrect values, impede the execution of vital functions, and compromise overall system reliability. Furthermore, our assessment has identified vulnerabilities associated with arbitrary address setting within the deposit function, raising significant security concerns. Additionally, the use of global variables instead of function parameters introduces further vulnerabilities, increasing the potential for unauthorized access or unintended data manipulation.

Of all the issues that were reported, 16 were resolved and 8 were partially resolved, and 1 non-security issue was left unresolved. Unrelated changes introduced during the fix process were disregarded.