Skip to content

V2.1 — Soken Audit Remediation

Choose a tag to compare

@kimandy7778 kimandy7778 released this 25 Jun 03:33
d7743e2

V2.1 — Soken Audit Remediation

Audited V2.0: tag v2.0.0 · Audit report: Soken APY-2026-06-001 (2026-06-23)

Findings summary

Severity Count Status
Critical 1 ✅ Fixed (F-17)
High 0
Medium 2 ✅ Fixed (F-01, F-02)
Low 4 ✅ Fixed (F-03, F-04, F-06, F-07)
Informational (code-change) 5 ✅ Fixed (F-05, F-15, F-16 docs, +X-listed)
Informational (acknowledged) 4 Documented as design tradeoffs
Total 16 12 fixed + 4 acknowledged

Full per-finding mapping (root cause → V2.1 fix → regression test): docs/SOKEN_AUDIT.md

Critical highlight — F-17

Soken's Foundry PoC reproduced a permanent vault brick: once totalSupply() returns to zero, the never-reset lastSharePrice baseline detonated the FeeTooHigh defensive guard on the next deposit and froze every entrypoint. Fixed in _accrue() + _withdraw(); the next deposit re-takes the lazy-init path and re-snaps the baseline cleanly.

Reproduced post-fix in test/v2/Vault.v21.spec.tstest_f17_freshDepositAfterEmptyVault_doesNotBrick.

Verification at this tag

  • npx hardhat compile — 16 Solidity files OK
  • npx hardhat test — 92 passing (4 fork specs pending without FORK=true)
  • npx hardhat test test/v2/Vault.v21.spec.ts — 14 V2.1-specific specs passing
  • forge test --fuzz-runs 10000 — 10 streaming-fee invariants × 10 000 iterations, zero failures

Status

Awaiting Soken remediation review against this tag. Production V2.0 contracts remain on-chain (immutable); V2.1 redeploy + voluntary V2.0 → V2.1 migration begins after the remediation review completes.

Commits

  • 7f34422 feat(v2.1): contracts — Soken APY-2026-06-001 remediation (9 findings)
  • eacb892 chore(v2.1): scripts — F-04g chain × strategy reward matrix + plumbing
  • a30190a test(v2.1): hardhat V2.1 spec + sync existing V2 specs to new constructor sigs
  • 5e3bb50 docs(v2.1): V2_DESIGN + TRUST_MODEL + SECURITY + new SOKEN_AUDIT — Soken remediation

Merged via PR #2.