Latest commit: [81116d6e729e029437340964f9e47b031c39f54e](https://github.com/gyrostable/protocol/commit/81116d6e729e029437340964f9e47b031c39f54e) ## 1 [Medium] First depositor can break the minting of shares Fixed in [c03689dd8198b362d9f504b450356e787a794939](https://github.com/gyrostable/protocol/commit/c03689dd8198b362d9f504b450356e787a794939) Updated in [7984e27b5e504157560e6f27509732e2417df32e](https://github.com/gyrostable/protocol/commit/7984e27b5e504157560e6f27509732e2417df32e) ## 2 [Medium] Order of vaultInfo.pricedTokens is not checked Fixed in [e890f541a49fc6e92e23d3b3e3605afce3cb9b09](https://github.com/gyrostable/protocol/commit/e890f541a49fc6e92e23d3b3e3605afce3cb9b09) ## 3 [Medium] Users might not receive rewards for the last period before rewardsEmissionEndTime Fixed in [e63a67761fdbaa13afbe87fda5abf5bafa5b3b6e](https://github.com/gyrostable/protocol/commit/e63a67761fdbaa13afbe87fda5abf5bafa5b3b6e) ## 4 [Low] Users can bypass the perUserSupplyCap limit during minting Fixed in [4765a6db1d3aabf8f4a378f0d5703ae49ae54ef3](https://github.com/gyrostable/protocol/commit/4765a6db1d3aabf8f4a378f0d5703ae49ae54ef3) ## 5 [Low] Users could bypass the externalCallWhitelist and execute arbitrary logic by using the "permit" functionality Fixed in [2f5df68cffd7cacb555b5efd07e85b1c8e7effc9](https://github.com/gyrostable/protocol/commit/2f5df68cffd7cacb555b5efd07e85b1c8e7effc9) ## 6 [Low] dryMint(...) result differs from mint(...) result Fixed in [378609f576a6c34308e17e48fba8a23ee3d7e9f5](https://github.com/gyrostable/protocol/commit/378609f576a6c34308e17e48fba8a23ee3d7e9f5) Updated in [7984e27b5e504157560e6f27509732e2417df32e](https://github.com/gyrostable/protocol/commit/7984e27b5e504157560e6f27509732e2417df32e) ## 7 [Info] XL value in the code and paper is different for isInSecondRegion(...) Paper has been updated paper. ## 8 [Info] Dead code in VaultRegistry Fixed in [f456f0bdc2c6b5ce2715369364597a17b92c06a1](https://github.com/gyrostable/protocol/commit/f456f0bdc2c6b5ce2715369364597a17b92c06a1) ## 9 [Info] Excessive memory allocation in the function batchRelativePriceCheck(...) Fixed in [0f5d9de3b189eebdadb58565f3e0b518b3d897f3](https://github.com/gyrostable/protocol/commit/0f5d9de3b189eebdadb58565f3e0b518b3d897f3) ## 10 [Info] Region detection does not exclude equality cases Fixed in [96d499646443e59e4601078a3a19523e0ea8cb0c](https://github.com/gyrostable/protocol/commit/96d499646443e59e4601078a3a19523e0ea8cb0c) ## 11 [Info] Return value of 0 from ecrecover is not checked Fixed in [4196e4e3be81e4686a3a88dcaea5a8bffb98a1f4](https://github.com/gyrostable/protocol/commit/4196e4e3be81e4686a3a88dcaea5a8bffb98a1f4) ## 12 [Info] Users can execute calls from the Motherboard contract Fixed in [2f5df68cffd7cacb555b5efd07e85b1c8e7effc9](https://github.com/gyrostable/protocol/commit/2f5df68cffd7cacb555b5efd07e85b1c8e7effc9) ## 13 [Info] Users might lose everything if they do not call the function withdraw(...) when a pending withdrawal is available immediately Risk is accepted. This will be documented to the users. ## 14 [Best Practice] Interface AggregatorV2V3Interface has multiple functions from deprecated Chainlink API Fixed in [e8605e621aaa4d7532ec9456b01d86c35a953fa8](https://github.com/gyrostable/protocol/commit/e8605e621aaa4d7532ec9456b01d86c35a953fa8) ## 15 [Best Practice] Returning the named returns is redundant Fixed in [caed7733a8cad6955d591a3b81ab75b03cd603ee](https://github.com/gyrostable/protocol/commit/caed7733a8cad6955d591a3b81ab75b03cd603ee) ## 16 [Best Practice] Upgradeability issues Fixed in [387c8405da88e3f37696c605a7fab109f5061be0](https://github.com/gyrostable/protocol/commit/387c8405da88e3f37696c605a7fab109f5061be0)
Last changed by  
Gyroscope
Gyroscope protocol
212

Read more

Governance audit

123456789101112131415161718192021Summary of IssuesFindingLiquidity Pool providers can create an infinite amount of delegated vote powerVoting power can be reused for proposal votingVoting power of users is not being correctly stored when votes are castAny user can mint a RecruitNFT after the first valid mintBurn actions affect users with withdrawal waiting time completedFunction claimNFT(…) can be frontrunFunction setSchedule(…) always reverts after it is called onceUnderflow in WrappedERC20WithEMA for withdraw transactionsWrappedERC20WithEMA can lock underlying tokens if elapsed time windows exceed 41Function _updateEMA() may fail when windowWidth is set to a low valueUsers cannot withdraw all their assets from GydRecoveryint256 unsafely casted to uint256 during EMA calculationsMax supply of recruitNFT cannot be reachedThe function setSchedule(…) accepts scheduleEndsAt equal to scheduleStartsAtUsers are forced to delegate voting power in LPVaultUsing delete on a Solidity array won’t decrease its lengthWrong value used in _getSelector(…)DataTypes.Status defaults to ActiveclaimNFT(…) does not properly check multiplierState variable owner is shadowed in the function claimNFT(…)Transaction status is not checkedSeverityCriticalCriticalCriticalHighHighHighHighHighHighMediumMediumMediumLowInfoInfoInfoInfoInfoInfoBest PracticesBest PracticesUpdateUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolvedUnresolved

7/31/2023
Gyroscope Senior Smart Contract Engineer Job Description

Gyroscope is an all-weather stablecoin. It's backed by a reserve portfolio that diversifies all DeFi risks - such as regulatory and governance risks - not just price risk. A Gyro Dollar can be minted for a price near $1 and can be redeemed for an amount near $1 in reserve assets, as determined through a new Automated Market Maker (AMM) design that balances risk in the system and concentrates liquidity around the $1 peg. More information about the protocol is available here, with the documentation here. Gyroscope has already gone through a testnet, a prototype launch, as well as several audits and we are targeting a launch by end of Q2 2023. We are a team of around 8 people and many of us are finishing or have completed PhDs in Computer Science and Mathematics. We are looking for a passionate smart-contract engineer to join us. You will be working closely with our other smart contract engineers to build and test Gyroscope's smart contracts. Role Work on and enhance the design of the protocol's smart contracts

5/12/2023
Gyroscope Lead Frontend Engineer Job Description

Gyroscope is an all-weather stablecoin. It's backed by a reserve portfolio that diversifies all DeFi risks - such as regulatory and governance risks - not just price risk. A Gyro Dollar can be minted for a price near $1 and can be redeemed for an amount near $1 in reserve assets, as determined through a new Automated Market Maker (AMM) design that balances risk in the system and concentrates liquidity around the $1 peg. More information about the protocol is available here, with the documentation here. After a very successful testnet we are now looking forward to launching on mainnet. We're a team of around 6 and most of us are finishing or have completed PhDs in Computer Science and Mathematics. We are looking for a passionate front-end engineer to join us. You will be leading front-end development and will work closely with our smart contract engineers and design team to build and improve the Gyroscope frontend. We're planning to release V1 in Q4 2021. Role

7/27/2021
Read more from Gyroscope
Published on HackMD