Maple Finance

Introduction

Maple Finance is an institutional-grade credit marketplace that lets delegated credit experts spin up on-chain lending pools and originate secured loans to blue-chip borrowers. Version 2 of Maple’s Pools and Globals modules adds plug-in yield strategies, Aave, Sky (Maker/PSM), and basic ERC-4626 wrappers, so idle pool liquidity can earn passive yield between loan draw-downs.

Why Did They Need an Audit?

Integrating strategies shifts pool assets out of Maple’s core contracts into third-party venues (Aave aTokens, Maker PSM, ERC-4626 vaults). Any mis-priced conversion, rounding bug, or withdrawal failure could lock lender funds or create share-price arbitrage. Maple hired Three Sigma for a focused 4-person-week review covering all new strategy code plus the modified deployment pipeline.

Scope of the Engagement

• Team: 2 auditors · 4 person-weeks
• Chain: Ethereum

Results and Findings

Key Low-Severity Issues

Sky Strategy rounding loses ≤ 1e-6 USD per tx

• Description: Negligible value drift (≤ 1e-6 USD) when converting USDS↔USDC due to 1 e-12 divisor.

Aave & SavingsUSDS withdrawAll may revert after fee rounding

• Description: Treasury-fee “round-up” can consume final wei, causing full-balance withdrawal to revert.

In conclusion

Three Sigma’s 4-week assessment of Maple’s strategy-enabled Pool v2 stack found no critical or high-impact flaws. Two low-severity rounding/withdrawal edge-cases were acknowledged; over half of informational gas and style suggestions are already merged. With strengthened caching, uniform math, and operational playbooks for Maker/Aave edge-events, Maple can safely route idle pool liquidity into vetted yield strategies without compromising lender withdrawals or share accounting.