Arbitrary Execution conducted a smart contract security assessment of Milkomeda's Liquid Staking smart contracts, and is excited to publish our findings after the conclusion of the fix review. The full report is located on our publications repo.
Smart Contract Audit Summary & Scope
Two Arbitrary Execution Web3 security researchers performed a detailed, manual review of the codebase with a focus on Milkomeda's StakedMilkAda, StakingSmartContract, and Pillage contracts.
The assessment resulted in findings ranging in severity from critical to note (informational). A critical finding in the access control for contract upgrades allowed an arbitrary user to perform upgrades. Two high severity findings impacted the staking and unstaking calculations. Medium and low severity findings impacted the way the protocol generates transaction IDs and handles transactions. The note severity findings contained observations regarding code hygiene, documentation, and other best practices.
Smart Contract Audit Fix Review
The Milkomeda team has fixed all major issues identified in the engagement. Three note findings were marked acknowledged, partially fixed, or not fixed.
AE Does Audits and Retainers
AE publishes audit reports to our publication report with permission. To see our full list of public reports, and other great resources check it out on Github. Interested in our smart contract audit services? Contact us now to learn how we can help protect your protocol.