BetterBank Smart Contract Audit

BetterBank is a revolutionary DeFi (Decentralized Finance) protocol that reimagines lending, borrowing, and wealth generation. Traditional banking systems are slow, expensive, and exclusive – BetterBank brings financial freedom to everyone, regardless of geography, portfolio size, or financial background. Built on transparent, immutable blockchain technology, BetterBank eliminates intermediaries, reduces fees, and maximizes yield opportunities for users.

To uphold its commitment to safety and trust, BetterBank commissioned seven independent, world-class blockchain security firms to audit its smart contracts before launch.

FailSafe is honored to have been shortlisted among the seven main auditors, joining renowned firms such as Halborn, Peckshield, and other respected names in the DeFi security space. This selection reflects our track record of elite auditing, rapid vulnerability discovery, and end-to-end security delivery.

“I will say you guys performed one of the most detailed reports by far, the simulations and backtesting data you guys provided was great and was a pleasure to work with you.”

— LB, Co-Founder BetterBank

Audit Overview

• Client: BetterBank
• Auditor: FailSafe
• Audit Date: 15th September – 23th September, 2025
• Source: https://github.com/grape-finance/BB-Custom-contracts/tree/audit_freeze/contracts

FailSafe’s role in this coordinated audit round was significant. Each participating firm independently assessed different aspects of the protocol, contributing findings into a shared review cycle. This ensured complete coverage, minimized redundancy, and maximized security assurance before mainnet deployment.

We are proud to report that FailSafe uncovered a number of high vulnerabilities, all of which were promptly mitigated and verified before final delivery.

Summary of Findings

Severity	Total	Status
Critical	0	–
High	7	6 Resolved, 1 Partially Resolved
Medium	1	Acknowledged
Low	3	2 Resolved, 1 Acknowledged
Informational	0	–

Key Findings

1. Stale Oracle Data (PLS/USD) – 15.1% Deviation

Severity: High | Status: Resolved

• Description: The Oracle relied on Fetch data with a 20-minute freshness window, occasionally returning values up to ~24 hours old.
• Impact: Real market price diverged by 15.1% (Oracle vs DEX) on September 11, 2025, block 24,482,198.
• Resolution: Added deviation guards and stricter freshness validation to prevent stale price use.

---

2. Favor Sell Bypass via EOA Market

Severity: High | Status: Resolved

• Description: The sell tax logic only applied when destination was a contract. EOA-to-EOA transfers allowed users to bypass the 50% tax.
• Impact: Potential circumvention of tax model and protocol revenue loss.
• Resolution: Removed the EOA bypass and simplified tax path to ensure consistent enforcement.

---

3. Stake Sniping at Epoch Boundaries

Severity: High | Status: Resolved

• Description: Staking rewards were calculated via instant snapshots without time weighting. Attackers could stake, trigger allocation, claim, and withdraw within seconds.
• Impact: Unfair yield capture by flash stakers.
• Resolution: Implemented a 2-epoch minimum lock period for stakers.

---

4. Zapper Lacked Slippage Protection

Severity: High | Status: Resolved

• Description: Swap and liquidity functions used amountOutMin = 0 and addLiquidity minimums of zero.
• Impact: Users could suffer price manipulation or value loss due to unprotected swaps.
• Resolution: Added proper slippage thresholds for both buy and sell flows.

---

5. Favor Bonus Desynchronization

Severity: High | Status: Resolved

• Description: Bonus gating used TWAP values, while sizing used potentially stale USD pricing from Fetch, leading to inconsistent minting.
• Impact: Potential over-minting of Esteem when USD prices moved upward.
• Resolution: Introduced deviation guards and synchronized TWAP logic.

---

6. Privileged Control Without Timelock

Severity: High | Status: Partially Resolved

• Description: Multiple onlyOwner functions across contracts (Favor, PulseMinter, Staking, Treasury, Oracles, and Zapper) executed instantly.
• Impact: Centralized privilege risk if admin key compromised.
• Resolution: Added a two-step ownership process and committed to implementing a full TimelockController after deployment.

---

7. LPZapper Dust Sweep Vulnerability

Severity: High | Status: Resolved

• Description: The _refundDust function refunded all ETH and token dust balances to the caller.
• Impact: Malicious actors could drain all ETH and dust tokens from the contract.
• Resolution: Limited dust refund scope to the current transaction only.

---

8. Zapper DoS with Fee-on-Transfer Tokens

Severity: Medium | Status: Acknowledged

• Description: Zapper logic assumed equal input/output amounts, failing on fee-on-transfer (FOT) tokens.
• Impact: Potential DoS for unsupported tokens.
• Resolution: Team opted to exclude FOT tokens from the supported list.

---

9. Unchecked ERC20 Return Values

Severity: Low | Status: Resolved

• Description: Raw transferFrom calls did not check boolean returns.
• Impact: Failed transfers could go unnoticed.
• Resolution: Replaced with SafeERC20.safeTransferFrom for all token interactions.

---

10. Missing Reentrancy Guards in Zapper

Severity: Low | Status: Resolved

• Description: Multiple external calls were unguarded against reentrancy.
• Impact: Could allow nested calls or DoS scenarios.
• Resolution: Added ReentrancyGuard to all major Zapper entry points.

---

11. usingFetch Contract – Uninitialized Mapping

Severity: Low | Status: Acknowledged

• Description: idMappingContract was uninitialized, breaking IERC2362.valueFor.
• Impact: Function could revert if invoked.
• Resolution: Not used in production; future version will implement valueFor mapping correctly.

BetterBank’s Security Posture

Throughout the engagement, the BetterBank team demonstrated exceptional maturity and commitment to security. Their responsiveness to findings, willingness to implement immediate remediations, and insistence on independent verification across multiple auditors reflect a best-in-class security culture rarely seen in early-stage DeFi projects.

BetterBank’s proactive decision to commission seven concurrent audit firms, rather than relying on a single provider, showcases a deep understanding of what true DeFi trust should look like – open, verifiable, and collaboratively secured.

This commitment to layered verification ensures that every line of code operates under the same guiding principle as BetterBank’s mission: user trust above all else.

FailSafe commends the BetterBank team for setting a new industry benchmark for transparency and accountability in smart contract security.

FailSafe’s Closing Remarks

Our collaboration with BetterBank was not just an audit, it was a shared pursuit of excellence. We are proud to have contributed to securing one of the most promising decentralized banking infrastructures of 2025.

As BetterBank continues to grow, FailSafe remains committed to providing unwavering support as a long-term strategic security partner.

Looking for an Elite Audit?