• Sec. Infra Overview
  • Past Audits
  • Code Structure
  • Centralization
  • Exposure to other Defi
  • Recommendation
  • User Rating
  • Back
protocol logo

MellowFinance

Rating

BBB

Score63.00

LiquidRestaking

Sec. Infrastructure Overview

Current Bug Bounty:

No Bug Bounty

Bug Bounty Max Payout: 0 $
Has paid White Hats before:
Date of Last Audit: 1 Jan 1

Recent Security Incidents

  • Incident

    Amount Lost

    Date

Secured By

The Protocol is secured by

  • Name

    Type

    Website

  • logo of list item
    0
    View

Past Audits

Number of Audits

2

Number of Vul. Found

16

Date of Last Audit

1 Jan 1

Past Audit Reports

Last codebase change was on: 1 Jan 1

Show Code Locations
Show all Vulnerabilities

Vulnerabilities reported in past audits

Code Structure

Lines of Code

0

Amount of Contracts

106

External Integrations

0

Code Summery

Mellow LRT is a liquid restaking primitive that enables the permissionless creation of modular LRTs through a series of vault smart contracts designed for various risk profiles, overseen by LRT curators. The platform provides an overview of its architecture, smart contract details, audit links, and user tutorials. Additionally, Mellow ALM focuses on enhancing the efficiency of the DeFi ecosystem, particularly through the development of active liquidity management systems like Mellow Permissionless Vaults. The information was last updated eight months ago.

Show Dependency Graph

Code Structure & Dependency

Show Codefile metrics

Centralization

Decentralization Score

13 out of 20

Contract Upgradability

No upgradability

Frontend

Go to Dapp

Maintenance Score

2.00

Poor

Excellent

Admin / Governance Functions

Timelocks

Uses Timelocks

Pauseability

No pause

Admin Wallet

0x9437B2a8cF3b69D782a61f9814baAbc172f72003

Admin operate and manage the vaults

Staking modules can be pause/unpause

Timelock controller on deployment

Recommendations

In src/oracles/ChainlinkOracle.sol, the priceX96 function does not take into account IERC20(base).decimals() and IERC20(token).decimals() when converting. For the current deployment, this is not a problem because the system operates with tokens from the set [weth, wsteth, steth].

User Rating

Avg. User Rating

No ratings

No ratings yet

Submit your review

Protocols on SCAS can't offer incentives to hide reviews

Disclaimer:

SCAS conducts security assessments on the provided source code exclusively. Conduct your own due diligence before deciding to use any info listed at this page.

In case you find any information on this report is incorrect, please fill out following form:Feedback

About UsPrivacy Policy
SCAS Oy 2025All rights reserved.