Clip Finance

Introduction

Clip Finance runs a modular yield-farming hub. Users deposit stable-coins; Clip’s router allocates liquidity into whitelisted strategies, auto-compounds rewards, and lets depositors withdraw principal + yield at any time. The initial deployment targets BSC and Linea, with plans for ≥10 chains.

Why Did They Need an Audit?

The core contracts batch user deposits, route funds into external protocols, swap rewards, and fulfil batched withdrawals— all under upgradeable admin control. Logic bugs could lock funds, expose users to MEV, or leak yield through unbalanced re-allocations. Three Sigma performed a 2-auditor, 4-person-week review before the first main-net launch.

Scope of the Engagement

Results and Findings

Key High-Severity Issues

1. Grief attack bricks withdrawals (withdrawFulfill) Description – Users’ withdrawStatus can be pre-set to true for the current cycle without transferring funds, making the legitimate fulfillment loop skip them forever. Recommendation – Require cycleId < currentCycleId when calling withdrawFulfill(). (Fixed in 04bd247)
2. Zero-min-out swaps at block.timestamp enable sandwiching Description – Swap helpers set amountOutMin = 0 and use deadline = block.timestamp, handing miners full MEV control. Recommendation – Pass an explicit deadline down the call stack and always compute non-zero minAmountOut via calculateMinAmountOut(). (Fixed in 3c1437c)
3. Withdrawal-token chosen by majority share causes unfair slippage Description – Only the most-requested token bears slippage; others receive their full USD value. Recommendation – Batch withdrawals per-token or redesign the router to pro-rate slippage across all tokens. (Acknowledged)
4. Withdrawal fulfillment can be DoSed via request spam (OOG) Description – An attacker submits thousands of single-share requests; the gas-heavy loop then reverts. Recommendation – Accept a limit parameter to process withdrawals in chunks. (Fixed in 4dc4687)
5. Unsupported token after scheduling halts batch Description – If a token is removed from strategy support after users schedule exits, the batch withdraw reverts. Recommendation – Auto-substitute with a still-supported token. (Fixed in 8f3f6e4)
6. withdrawTo = address(0) freezes cycle for some ERC-20s Description – Tokens like USDT revert on transfers to 0x0, halting the entire batch. Recommendation – Reject zero address in scheduleWithdraw(). (Fixed in 4dc4687)
7. Strategy re-balancer drops funds when strategy nearly saturated Description – toDeposit is overwritten instead of accumulated; partially-filled strategies never receive the remainder. Recommendation – Change toDeposit += received and deposit any residual when below ALLOCATION_THRESHOLD. (Fixed in ed8e3c9)

In conclusion

Conclusion

Three Sigma’s four-week review uncovered 7 high and 8 medium vulnerabilities in Clip Finance’s batching and strategy router layer. All but three advisory items are now patched, including critical withdrawal-grief vectors, MEV-unsafe swaps, and allocation mis-accounting. Remaining acknowledged points concern fee refunds, slippage fairness, and admin-only scheduling, all slated for post-launch hardening. With these fixes, Clip Finance rolls out on Linea with far stronger guarantees around liquidity safety and withdrawal liveness.