The following is a Technical Security Peer Review with the goal of helping the development of VMEX, an AAVE V2 Fork which is meant to use LP or Vault Tokens as Collateral

The Report was made on the VMEX-Finance Repor for at Commit bdcc10ee0c51e662d8d8dd200eec774e166946d7

Executive Summary

The following Peer Review should be considered non-exhaustive and I recommend, after mitigation of the below findings, to potentially perform a second one, and ultimately perform a proper audit.

Due to the relation between components and assets (external code), it’s important that both logic flaws (incorrect code), as well as potentially incorrect settings (Admin privileges, unsynched values, risk of stale configuration), are properly addressed.

The main goals of the codebase were:

• Ensure Tranche Risk Separation → In my opinion achieved
• Add additional functionality to the AAVE System → In my opinion is partially achieved, and has a few gotchas and risks
• Offer a TWAP and Oracles → In my opinion, needs more work
• Centralize Settings while allowing customization to the admin → For the most part achieved, with some gotchas and risks of desynch

Classification

HIGH - This is a risk that can cause loss of funds or extended denial of service for the protocol