Introduction
Maple Finance is an institutional-grade, on-chain credit market. It connects accredited pool delegates, who curate loan books and price risk, to institutional borrowers seeking under-collateralised working-capital loans, while liquidity providers (LPs) supply capital and earn interest.
Core mechanics include:
- Delegate-managed lending pools with configurable fees, lock-up cycles, and withdrawal windows.
- Under-collateralised MapleLoans that stream interest and principal to lenders and the Maple treasury.
- Smart-withdrawal manager that queues LP exits into cyclic windows and enforces pro-rata liquidity distribution.
- Upgradeable, factory-based architecture with global governance and migration helpers for contract evolutions.
Why Did They Need an Audit?
The V2 launch introduced:
- On-chain liquidity migration from V1 pools, an irreversible step that had to preserve every LP share.
- Pool-share maths rewrite to use ERC-4626-style accounting. A single rounding bug could let a front-runner siphon first-depositor value.
- Complex withdrawal queues and delegate upgrade paths that, if mis-wired, could freeze capital or silently favour one class of lender.
Because the protocol already custodied >$500 m of institutional liquidity, Maple engaged Three Sigma for a focused review of the migration helpers and the new V2 core contracts before main-net deployment.
Scope of the Engagement

- Team: 2 auditors , 5 person-weeks
- Chain: Ethereum
Audit Date: 2022-11-08
Language: Solidity
Type: Code Audit