VLO - Smart Contract Audit Report


VELO Audit Report

VLO is a fully decentralized rebase token with a brand new rebasing mechanism. Instead of rebasing based on price or market capitalization, it rebases based on the “velocity” of the token. This means that the supply of the token increases or decreases over time based on the number of transactions in a given period of time. VLO's configuration is based on economic theories from the Austrian school of economics, and blockchain technology enables VLO to be the first implementation of these theories.

We audited VLO at commit b10dfc08730f6c83c35e3a40d48e2ca36208a897 on GitHub. The contracts are deployed at the addresses below.

Audit Findings Summary:
  • VLO token rebases based on the token's adoption velocity. The rebase percentage is based upon the transfers of the token that occur.

  • VLO token can only be minted via the rebase function (to implement rewards based on the token's velocity) or with governance approval.
  • Currently the Mises Legacy Pool receives these velocity-based rewards to incentivize users to provide liquidity.

  • Any changes to the protocol, minting, or decisions on how to distribute funds require governance approval and delayed implementation via the timelock. Upgrading any contracts or setting staking reward rates, for example, requires governance approval.
  • The governance implementation is a fork of Compound's, allowing token holders to vote on proposed transactions that affect the future of the protocol.

  • The protocol has staking pools where users can stake assets or LP tokens to earn rewards in VLO.
  • Each transfer of the token mints a small amount of Chi Gas Token. These tokens are sent to the Timelock contract, which is controlled by the governance system.
  • Anyone can call the rebase function, though it can only be executed once sufficient time has passed. The function cannot be called by a contract. This is not a security issue.

  • No security issues from outside attackers were identified.
  • VLO's contracts are well written, came with passing test cases, and had useful documentation.
  • Compared to most DeFi projects, the control over VELO Protocol is highly decentralized.
  • Date: December 19th, 2020




VELODelegator (Token)


VLO's token contract, controlled by VELODelegate.



Proxy through which to control the token.



Controls rebases of the token.



Handles fees related to Chi Gas Token.



Governance to control the protocol; forked from Compound.



Timelock contract to delay changes to the protocol.


See addresses for various assets here.

Note: The contracts for all of the staking pools are the same.

External Threats - Audit Results

| Vulnerability Category              | Notes | Result |
|-------------------------------------|-------|--------|
| Arbitrary Storage Write             | N/A   | PASS   |
| Arbitrary Jump                      | N/A   | PASS   |
| Delegate Call to Untrusted Contract | N/A   | PASS   |
| Dependence on Predictable Variables | N/A   | PASS   |
| Deprecated Opcodes                  | N/A   | PASS   |
| Ether Thief                         | N/A   | PASS   |
| External Calls                      | N/A   | PASS   |
| Flash Loans                         | N/A   | PASS   |
| Integer Over/Underflow              | N/A   | PASS   |
| Multiple Sends                      | N/A   | PASS   |
| State Change External Calls         | N/A   | PASS   |
| Unchecked Retval                    | N/A   | PASS   |
| User Supplied Assertion             | N/A   | PASS   |
| Critical Solidity Compiler          | N/A   | PASS   |
| Overall Contract Safety             |       | PASS   |