Prepared by:
HALBORN
Last Updated 09/16/2025
Date of Engagement: August 28th, 2025 - September 4th, 2025
100% of all REPORTED Findings have been addressed
All findings
7
Critical
0
High
0
Medium
3
Low
1
Informational
3
CoreDAO engaged Halborn to conduct a security assessment of the BTCFi Lending Vault contracts developed by the b14g team from August 28th to September 4th, 2025. The scope of this assessment was limited to the smart contracts provided to the Halborn team. Commit hashes and additional details are documented in the Scope section of this report.
The Halborn team dedicated a total of five days to this engagement, deploying one full-time security engineer to evaluate the smart contracts’ security posture.
The assigned security engineer is an expert in blockchain and smart contract security, with advanced skills in penetration testing, smart contract exploitation, and a comprehensive understanding of multiple blockchain protocols.
The objectives of this assessment were to:
Verify that the smart contract functions operate as intended.
Identify potential security vulnerabilities within the smart contracts.
In summary, Halborn identified several areas for improvement to reduce both the likelihood and impact of potential risks, which were partially addressed by the b14g team. The primary suggestions included:
Implement comprehensive oracle data validation with staleness and confidence checks before using prices in calculations.
Establish proper historical reward state tracking to prevent exploitation of uninitialized mapping slots.
Add health factor validation after pool withdrawals to prevent liquidation risk.
Implement proper error handling for external contract calls with try-catch blocks.
Add event emissions for all administrative parameter changes to enhance transparency.
Make critical addresses configurable instead of hardcoded to support network flexibility.
Halborn employed a combination of manual, semi-automated, and automated security testing methods to ensure effectiveness, efficiency, and accuracy within the scope of this assessment. Manual testing was vital for uncovering issues related to logic, processes, and implementation details, while automated techniques enhanced code coverage and helped identify deviations from security best practices. The assessment involved the following phases and tools:
Research into the architecture and purpose of the smart contracts.
Manual review and walkthrough of the smart contract code.
Manual evaluation of critical Solidity variables and functions to identify potential vulnerability classes.
Manual testing using custom scripts.
Static security analysis of the scoped contracts and imported functions utilizing Slither.
Local deployment and testing with Foundry.
| EXPLOITABILITY METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Attack Origin (AO) | Arbitrary (AO:A) Specific (AO:S) | 1 0.2 |
| Attack Cost (AC) | Low (AC:L) Medium (AC:M) High (AC:H) | 1 0.67 0.33 |
| Attack Complexity (AX) | Low (AX:L) Medium (AX:M) High (AX:H) | 1 0.67 0.33 |
| IMPACT METRIC () | METRIC VALUE | NUMERICAL VALUE |
|---|---|---|
| Confidentiality (C) | None (C:N) Low (C:L) Medium (C:M) High (C:H) Critical (C:C) | 0 0.25 0.5 0.75 1 |
| Integrity (I) | None (I:N) Low (I:L) Medium (I:M) High (I:H) Critical (I:C) | 0 0.25 0.5 0.75 1 |
| Availability (A) | None (A:N) Low (A:L) Medium (A:M) High (A:H) Critical (A:C) | 0 0.25 0.5 0.75 1 |
| Deposit (D) | None (D:N) Low (D:L) Medium (D:M) High (D:H) Critical (D:C) | 0 0.25 0.5 0.75 1 |
| Yield (Y) | None (Y:N) Low (Y:L) Medium (Y:M) High (Y:H) Critical (Y:C) | 0 0.25 0.5 0.75 1 |
| SEVERITY COEFFICIENT () | COEFFICIENT VALUE | NUMERICAL VALUE |
|---|---|---|
| Reversibility () | None (R:N) Partial (R:P) Full (R:F) | 1 0.5 0.25 |
| Scope () | Changed (S:C) Unchanged (S:U) | 1.25 1 |
| Severity | Score Value Range |
|---|---|
| Critical | 9 - 10 |
| High | 7 - 8.9 |
| Medium | 4.5 - 6.9 |
| Low | 2 - 4.4 |
| Informational | 0 - 1.9 |
Critical
0
High
0
Medium
3
Low
1
Informational
3
| Security analysis | Risk level | Remediation Date |
|---|---|---|
| Stale Oracle Data Enables Slippage Protection Bypass | Medium | Solved - 09/05/2025 |
| Historical Data Loss Enables Reward Theft | Medium | Solved - 09/05/2025 |
| Pool Withdrawal Without Health Factor Validation | Medium | Solved - 09/05/2025 |
| Unchecked External Call Return Values | Low | Risk Accepted - 09/10/2025 |
| Operator Role Centralization Risk | Informational | Solved - 09/10/2025 |
| Silent Changes Reduce Transparency | Informational | Acknowledged - 09/10/2025 |
| Hardcoded Network Addresses Reduce Flexibility | Informational | Acknowledged - 09/10/2025 |
//Medium
//Medium
//Medium
//Low
//Informational
//Informational
//Informational
Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.
// Download the full report
BTCFi Lending Vault
* Use Google Chrome for best results
** Check "Background Graphics" in the print settings if needed
