Audits and Security

Who audited Quill?

Liquity v2's smart contracts and protocol architecture underwent rigorous auditing by these firms:

Certora: A leader in formal verification for smart contracts, Certora ensures critical code correctness and security through advanced automated tools.

ChainSecurity: Specializing in blockchain security audits, ChainSecurity combines rigorous analysis with cutting-edge techniques to protect decentralized systems.

Coinspect: Known for its focus on smart contract and blockchain audits, Coinspect delivers security reviews tailored to DeFi protocols and crypto projects.

Dedaub: Offering deep-dive vulnerability assessments, Dedaub provides security solutions to enhance smart contract reliability and safeguard assets.

GetRecon: A prominent auditing firm, Recon strengthens protocol resilience through expert code reviews and meticulous vulnerability assessments.

On top of that, Quill was also audited by GetRecon.

What was audited?

The audits focused on critical areas to ensure security, functionality, and resilience, including:

• Smart Contracts: All core contracts, particularly those managing $USDQ issuance, collateralization and liquidation mechanisms, were checked for vulnerabilities and potential exploits.

• zk-Rollup Integration: The integration with Scroll’s zk-Rollup technology were assessed for security risks, ensuring seamless and safe Layer 2 functionality.

• Governance Modules: The governance contracts, launching in Q1, will undergo auditing to secure voting mechanisms, proposal handling, and treasury controls.

• Economic Security: An economic audit verified that the protocol’s fee structures, stability mechanisms and liquidation penalties are correctly implemented to prevent exploits or systemic risks.

These audits are fundamental to Quill’s commitment to user security and protocol reliability, ensuring a robust and secure DeFi platform for users.

How does Quill ensure security in zk-Rollups?

Quill ensures security within its zk-Rollup implementation by leveraging several layers of protection:

1. Zero-Knowledge Proofs: zk-Rollups generate cryptographic proofs (specifically, validity proofs) for every batch of transactions. These proofs are submitted to the Layer 1 blockchain, where they verify that each transaction in the rollup batch is valid. This mechanism prevents any fraudulent or incorrect data from being processed, as only valid proofs are accepted on Layer 1.

2. Inherited Layer 1 Security: Because zk-Rollups rely on the underlying security of Layer 1 (Ethereum, in the case of Quill on Scroll), they inherit its robust decentralization and security. This means that zk-Rollup transactions benefit from Ethereum’s consensus and integrity, adding a layer of protection against network attacks.

3. Audits and Code Reviews: Quill’s zk-Rollup implementation undergoes rigorous security audits by reputable firms like Trail of Bits and DeBaub. These audits review the smart contracts and rollup code for vulnerabilities, ensuring that the protocol maintains a secure and resilient architecture.

4. Data Availability on Layer 1: Quill’s zk-Rollup solution ensures data availability by recording transaction data on Layer 1. This means that in the unlikely event of an issue on Layer 2, all data required to restore the network’s state remains accessible and secure on Ethereum.

5. Continuous Monitoring: Quill employs real-time monitoring and alert systems to quickly detect and respond to any unusual activity or potential vulnerabilities. This proactive approach ensures ongoing security for user assets and transactions.

Together, these elements enable Quill to offer high performance without compromising on security, creating a reliable DeFi environment on zk-Rollups.