Umee’s Security Audit Report by Least Authority

Umee’s mainnet upgrade is on its way with the latest addition of a Cosmos native leverage module that provides enhanced cross chain lending and borrowing capabilities to all DeFi users! We build our vision for a better decentralized finance world with 100% dedication to security and proactive measures to address any potential vulnerabilities. This time we partnered with Least Authority to conduct a comprehensive security review and the official audit report has been finalized! 

“We audited the system with full knowledge of the system's workings and various documentation. The thorough investigation included the flow of core functionalities, validation process and the system design.”

Least Authority performed an extensive review of Umee’s Gravity Bridge and Peggo with a transparent process using various methodologies including manual code review, vulnerability analysis, practical suggestions, and responsible disclosure. 

The 4-week audit covered 2 Github repositories, where Least Authority focused on reviewing the Gravity Bridge and Peggo orchestrator. The audit uncovered two issues: a/ Reliance on a single price oracle; b/ Cosmos account private key passed on the command line. Our engineering team promptly resolved those issues with Least Authority’s confirmation. We generalized the oracle code to sample multiple feeds instead of one. Meanwhile, the Umee team updated the code to accept the private key through an environment variable instead of an argument on the command line.

Safety of your assets on the Umee blockchain always comes first. The security of protocol is continuously enhanced as we are committed to bringing the safest cross chain DeFi experience to users possible and offering a smooth and transparent user journey. To interoperability and beyond!

Access the audit report from here.