Aarna Protocol (AtvWrappedBoosterTL) Solidity Smart Contract Audit Report

Security is the cornerstone of DeFi adoption. Aarna Protocol, a next-generation asset management platform powered by AI and on-chain vault strategies, recently underwent a comprehensive smart contract audit conducted by FailSafe.

This audit focused on the AtvWrappedBoosterTL contract, which plays a crucial role in Aarna’s Pendle integration. The goal was to ensure that deposits, withdrawals, and NAV (Net Asset Value) calculations are executed securely, accurately, and transparently.

What is Aarna Protocol?

Aarna Protocol is a full-stack DeFi asset management platform that combines:

• âtv Vaults – tokenized investment vaults for stablecoin yields, AI-managed portfolios, and index strategies.
• Alpha 30/7 Engine – an AI-powered model that autonomously selects and rebalances token portfolios.
• Mobile-first dApp – making structured DeFi investing simple and accessible.

With its AI-driven strategies and transparent vault architecture, Aarna bridges institutional-grade asset management with decentralized finance.

Overview

• Auditor: FailSafe
• Project Name: Aarna Protocol (AtvWrappedBoosterTL)
• Audit Date: August 9 – 19, 2025
• Scope: contracts/AtvWrappedBoosterTL.sol
• Out of Scope: All mock contracts, deployment, and test scripts
• Source Code: Aarna GitHub Repository

Project Goals

The audit evaluated the contract across seven key dimensions:

1. Security Assurance – eliminating critical vulnerabilities.
2. Functional Correctness – ensuring deposits/withdrawals reflect true NAV.
3. Gas Optimization – improving efficiency for users.
4. Access Control & Privileges – enforcing secure role-based actions.
5. Upgradability & Maintainability – ensuring long-term adaptability.
6. Compliance & Documentation – following Solidity best practices.
7. Remediation Guidance – providing clear steps for fixes .

Summary of Findings

The audit uncovered 2 issues, both of which were resolved:

Severity	Total	Status
Critical	0	–
High	0	–
Medium	1	Resolved
Low	1	Resolved
Info	0	–

Key Audit Findings

1. NAV Mismatch and Underflow Risk in Withdraw

• Severity: Medium | Status: Resolved
• Description: The contract tracked totalStaked as gross deposits, ignoring NAV fluctuations. If NAV increased, a withdrawal could result in underflow reverts, preventing users from accessing funds. Additionally, totalAssets() did not accurately reflect real-time NAV.
• Impact:
  • Incorrect TVL reporting.
  • Potential DoS on withdrawals if NAV increased.
  • Reduced user trust in vault reporting.
• Remediation: Withdrawals were updated to dynamically compute NAV and sync totalStaked with current vault values. This fix ensures accurate reporting and prevents withdrawal failures .

2. Approval Order Logic Issue

• Severity: Low | Status: Resolved
• Description: In the deposit function, the contract approved tokens before receiving them via transferFrom. This violated the standard pattern of approving only after balances exist.
• Impact:
  • Low functional risk.
  • Reduced code quality and increased audit complexity.
• Remediation: The function order was corrected to approve after tokens are transferred in, aligning with Solidity best practices.

Final Thoughts

The audit confirmed that Aarna Protocol’s AtvWrappedBoosterTL contract is secure and reliable, with no critical or high-severity issues detected. Both identified findings: NAV mismatch under withdrawals and approval logic ordering were fully resolved.

This provides users and investors with confidence that Aarna’s upcoming Pendle integration is backed by a strong, security-first foundation.

The Aarna Protocol (AtvWrappedBoosterTL) Smart Contract Audit by FailSafe highlights Aarna’s dedication to secure, transparent, and reliable DeFi asset management.

By resolving all identified issues, Aarna reinforces its position as a protocol that merges AI-powered financial intelligence with on-chain trust.

If you’re looking for an elite security partner, reach out to us today!