OpenZeppelin Security Partnership - 2025 Q1 Update

Summary

During Q1 2025, OpenZeppelin delivered 19 reviews in which we identified 86 total issues, including 2 critical and 7 high severity issues. We reviewed 38 governance proposals, audited 15 unique scopes, and enhanced monitoring to cover 4 new markets, 10 new assets, and 3 new networks. Compared to previous quarters, our completed audits this quarter represent a 114% increase over the quarterly average in the last year. Notably, we identified a critical severity issue in the Linea USDC Market deployment which, after proposal execution, would have exposed 100k USDC of bridged funds to theft and allowed an attacker to seize control of the Compound deployment on the Linea network.

Initiatives

Audits

Completed Audits (In chronological order by publish date)

Advisory

Community Multisig Management - We created transactions to update the membership of the community multisigs on each network to include the latest member addresses, performing 14 updates across 5 networks, ensuring these critical security components remain up-to-date and properly maintained.

Monitoring

Our main focus in Q1 has been on internal refactoring of our monitoring systems to improve deployment speed for new markets. We’ve refactored 4 monitors: Governance Proposal Audits, Collateral Assets Monitor, Governance Automation, and L2 Governance Automation. We’ve expanded our monitoring coverage to 25 markets across 9 networks in total. Our governance automation queued 24 proposals and executed 23 proposals.

Our Request to the Community

As always, we’d like to ask the community to read our updates and feel welcome to get involved and provide feedback. We ask for the following:

  1. Keep us informed of any protocol changes we might need to audit in the future and weigh in on our current priorities in the backlog.
  2. Stay subscribed to the Compound Discord Monitoring Feeds.

As usual, feel free to share your feedback below or reach out directly to me on Discord, Telegram, or email:
