This post provides a summary of a security audit performed on 28 February 2020 by iosiro on changes made to the [Synthetix](https://www.synthetix.io) smart contracts that introduced a minimum staking period. The goal of the audit was to ensure that the smart contracts functioned as intended and to identify potential security flaws.
The scope of the assessment was limited to changes to the smart contracts introduced in the following PRs:
The purpose of PR-435 was to introduce a minimum staking period. It added a requirement to the system that an account must wait at least `minimumStakeTime` seconds (with a default value of 8 hours) from the last time it issued sUSD before it would be allowed to burn sUSD. Any new issuance of sUSD in the waiting period would restart the waiting period for the account.
The `burnSynthsToTarget(address from)` function was introduced to burn the requisite amount of sUSD to adjust an account's c-ratio to the target ratio required for claiming fees. Importantly, this function was not subject to the minimum staking time and did not force the account to settle fees generated through [SIP-37](https://sips.synthetix.io/sips/sip-37). This meant that users could still balance their c-ratio even if they had recently issued sUSD.
No substantial issues were found during the audit. No potential security issues were identified and the code in scope operated as intended. The code was of a high standard and used a simple, concise implementation of the desired functionality.