All Reports
Vesu V2 Periphery

Vesu V2 Periphery

2025-12-10

Sherlock collaborative audit · CODESPECT as Lead Security Expert

Download PDF
Critical0
High1
Medium1
Low0
Info0

About the Protocol

Periphery contracts for Vesu V2 on Starknet covering position migration, liquidation, multiply and swap flows.

Findings (2)

H-01HighFixed

Missing ownership validation allows unauthorized position migration

The migrator never checks that the caller owns the position, so any position that has delegated the migrator can be migrated, and effectively stolen, by an attacker.

M-01MediumFixed

Some LTV combinations make migration impossible for any max_ltv_delta

Depending on the old and new position LTVs, the final LTV check can reject every max_ltv_delta value, leaving the user unable to migrate.

Start here

Ready to secure your project?

Get a free 30-minute security assessment. We’ll review your codebase scope and flag the top 3 risk areas.

No commitment required · Typical audits start within 1–2 weeks