Slither Analysis
Overview
Slither is a static analysis framework for Solidity developed by Trail of Bits. It detects vulnerabilities and code quality issues, and provides optimization suggestions.
Scope
| Contract | Network | Description |
|---|---|---|
| KingsVaultV2.sol | Ethereum | Synchronous ERC-4626 vault |
| KingsVaultV2Async.sol | Ethereum | Async redeem vault (escrow-based) |
| Controller.sol | Ethereum | UUPS-upgradeable coordinator (NAV settlement, strategy registry, fee minting) |
| AaveV3Strategy.sol | Ethereum | Aave V3 lending strategy adapter |
| ERC4626Strategy.sol | Ethereum | Generic ERC-4626 strategy adapter (e.g. Morpho) |
| HyperStrategy.sol | Ethereum | CCTP V2 cross-chain strategy (Ethereum-side endpoint) |
| HyperCoreAllocator.sol | HyperEVM | CCTP V2 receiver; internal share accounting |
| HyperCoreRouter.sol | HyperEVM | HyperCore 4-stage asset pipeline |
Key Detectors
The following Slither detectors are most relevant to King's Vault's architecture:
| Detector | Relevance |
|---|---|
| reentrancy-eth | Critical — withdraw, emergencyRedeem, executeRedeem, claim all transfer tokens |
| reentrancy-no-eth | Cross-function reentrancy via state changes between executeRedeem and claim |
| controlled-delegatecall | UUPS proxy upgrade safety on Controller and HyperCoreAllocator |
| unchecked-transfer | Verify SafeERC20 usage in all token transfers |
| arbitrary-send-erc20 | Validate all transferFrom and safeTransfer sources |
| divide-before-multiply | Precision errors in dual-pricing share conversions and fee calculations |
| missing-zero-check | Constructor parameter validation (CONTROLLER, ASSET, RECEIVER, etc.) |
| unprotected-upgrade | UUPS _authorizeUpgrade restricted to ROLE_DEVELOPER |
Expected Findings
Informational / Low
- Pragma solidity version: Use locked version (0.8.x) rather than floating.
- Missing events: Ensure all state-changing admin functions emit events.
- Centralization risks: Multi-sig recommended for Admin/Guardian roles (inherent design choice, not a bug).
Areas of Focus
- Dual-pricing rounding: _convertToShares/_convertToAssets — verify MAX/MIN logic and rounding direction (Ceil for deposit, Floor for withdraw) consistently favors the protocol.
- Access control completeness: All admin functions must have role checks. Verify ROLE_INVESTOR gating on deposit and withdraw.
- CCTP message validation: HyperStrategy.handleReceiveFinalizedMessage() and completeDivest() — verify msg.sender == MESSAGE_TRANSMITTER and _validateSource() are both enforced.
- State consistency in executeRedeem: _pendingRedeemShares, _claimableShares, _claimableAssets, and _execId must be updated atomically to prevent double-claim or skipped-batch scenarios.
- Processing asset tracking: _processingAssets in HyperStrategy must be decremented correctly by _updateRemoteState() — verify no underflow paths.
Running
slither src/ --config-file slither.config.json
Results should be committed to this page after each audit cycle.
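
An added example, not part of the King's Vault repository: a Python triage step that reads a report written with Slither's `--json` option and separates findings from the detectors in the Key Detectors table from everything else. The function name `triage`, the `fail_on` gate, and the sample report (including its file paths and line numbers) are constructed for illustration.

```python
import json
from collections import defaultdict

# Detector names copied from the "Key Detectors" table on this page.
KEY_DETECTORS = {
    "reentrancy-eth", "reentrancy-no-eth", "controlled-delegatecall",
    "unchecked-transfer", "arbitrary-send-erc20", "divide-before-multiply",
    "missing-zero-check", "unprotected-upgrade",
}

def triage(report, fail_on=("High", "Medium")):
    """Return (key-detector findings by check, count of other findings, gate_failed)."""
    if not report.get("success"):
        raise ValueError(f"slither did not complete: {report.get('error')}")
    grouped, other, gate_failed = defaultdict(list), 0, False
    # "results" has no "detectors" key when nothing was reported.
    for f in (report.get("results") or {}).get("detectors", []):
        if f.get("check") not in KEY_DETECTORS:
            other += 1
            continue
        # The first element's source mapping locates the finding.
        src = (f.get("elements") or [{}])[0].get("source_mapping", {})
        where = f"{src.get('filename_relative', '?')}:{(src.get('lines') or ['?'])[0]}"
        grouped[f["check"]].append((f.get("impact"), f.get("confidence"), where))
        gate_failed = gate_failed or f.get("impact") in fail_on
    return dict(grouped), other, gate_failed

# Constructed sample in the shape of a Slither JSON report; not real audit output.
SAMPLE = json.loads("""
{"success": true, "error": null, "results": {"detectors": [
  {"check": "reentrancy-no-eth", "impact": "Medium", "confidence": "Medium",
   "elements": [{"type": "function", "name": "executeRedeem",
     "source_mapping": {"filename_relative": "src/KingsVaultV2Async.sol", "lines": [120, 121]}}]},
  {"check": "missing-zero-check", "impact": "Low", "confidence": "Medium",
   "elements": [{"type": "variable", "name": "receiver_",
     "source_mapping": {"filename_relative": "src/HyperStrategy.sol", "lines": [41]}}]},
  {"check": "naming-convention", "impact": "Informational", "confidence": "High", "elements": []}
]}}
""")

if __name__ == "__main__":
    grouped, other, gate_failed = triage(SAMPLE)
    for check, hits in sorted(grouped.items()):
        for impact, confidence, where in hits:
            print(f"{check:24} {impact:8} {confidence:8} {where}")
    print(f"{other} finding(s) from detectors outside the key list")
    print("gate:", "FAIL" if gate_failed else "PASS")
```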