Omniscia Alliance Block Audit

Liquidity Staker Security Audit

We were tasked with auditing the liquidity staker codebase of the Alliance Block foundation which aims to introduce novel features to conventional liquidity staker implementations.

The project deviates greatly from the liquidity staker implementation of Uniswap it is based on by introducing multi token rewards, lock based mechanisms, staking pool migrations and more.

The system has been developed in a compose-able fashion, containing seperate contract implementations for dedicated features that the pools should provide users with, such as locked exits. The system attempts to keep the core principles of the original staking implementation intact by retaining the calculation accumulation mechanisms as close to the original as possible.

The mechanisms used by the system include a factory based approach that deploys new contracts solely controlled by their owner, a whitelist based access control on the cross-pool migrations and an intricate delayed withdrawal system via dedicated lock deployments that provide boosts to the final staking rewards.

Files in ScopeRepositoryCommit(s)
AutoStake.sol (ASE)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
AbstractPoolsFactory.sol (APF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
CompoundingRewardsPool.sol (CRP)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
CompoundingRewardsPoolStaker.sol (CRS)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
CompoundingRewardsPoolFactory.sol (CRF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
LockScheme.sol (LSE)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
LimitedAutoStake.sol (LAS)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
LiquidityMiningCampaign.sol (LMC)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
LiquidityMiningCampaignFactory.sol (LMF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
NonCompoundingRewardsPool.sol (NCR)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
NonCompoundingRewardsPoolFactory.sol (NCP)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
OnlyExitFeature.sol (OEF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
OneStakerFeature.sol (OSF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
PercentageCalculator.sol (PCR)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
RolesManager.sol (RMR)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
RewardsPoolBase.sol (RPB)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
RewardsPoolFactory.sol (RPF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeLock.sol (SLK)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeReceiver.sol (SRR)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeTransferer.sol (STR)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
SafeERC20Detailed.sol (SER)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeLockingFeature.sol (SLF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeReceiverFeature.sol (SRF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeReceiverAutoStake.sol (SRA)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeTransfererFeature.sol (STF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeTransfererAutoStake.sol (STA)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
StakeTransferEnabledFactory.sol (STE)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
Treasury.sol (TRE)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
ThrottledExit.sol (TET)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
TreasuryOperated.sol (TOD)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
ThrottledExitFeature.sol (TEF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59
TreasuryOperatedFeature.sol (TOF)ALBT-Liquidity-Stakerf864f9de8b,
0a0e1ff0ff,
1d86b7ba59

During the audit, we filtered and validated a total of 10 findings utilizing static analysis tools as well as identified a total of 60 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report: