Omniscia AmpleSense Audit

EEFI Contracts Security Audit

Audit Overview

We were tasked with performing an audit of the Amplesense codebase and in particular their EEFI token and surrounding rebase-aware infrastructure that dictates the EEFI token's usage based on the polarity of the rebase operations performed on the AMPL token.

The audit was completed in several phases:

Phase I: A preliminary audit was conducted to identify any misbehaviours in the codebase
Phase II: The Amplesense team reviewed the preliminary audit and addressed / acknowledged the identified issues.
Phase III: We conducted a review of the remediations implemented by the Amplesense team.
Phase IV: The final codebase was reviewed to ensure that no changes were made on the finalized code.

Over the course of the audit, we were able to pinpoint certain misbehaviours in the codebase as well as potential complex attack vectors that can lead to denial of service and ultimately to lock of funds for users due to the inefficiency of the overall system.

We strongly advise the Amplesense team to apply all security related remediations we have recommended as well as to consider and integrate the optimizational findings we have shared to ensure the codebase remains operable under all circumstances and lucratively optimal gas-wise.

Post-Audit Conclusion

The Amplesense team implemented remediations for almost all findings outlined in the report and seeked consultation on the ones they chose to not remediate to ensure their codebase was secure in such a case.

The findings that were not explicitly dealt with were properly acknowledged by the Amplesense team and pose no threat to the protocol. As a result, we consider the codebase to be of a high security standard.

Contracts Assessed

Files in Scope	Repository	Commit(s)
AMPLRebaser.sol (AMP)	eefi_contracts	5a87d20e80, e2ba6043f0
AmplesenseVault.sol (AVT)	eefi_contracts	5a87d20e80, e2ba6043f0
BalancerTrader.sol (BTR)	eefi_contracts	5a87d20e80, e2ba6043f0
Distribute.sol (DIS)	eefi_contracts	5a87d20e80, e2ba6043f0
EEFIToken.sol (EEF)	eefi_contracts	5a87d20e80, e2ba6043f0
Pioneer1Vault.sol (PVT)	eefi_contracts	5a87d20e80, e2ba6043f0
StakingERC20.sol (SER)	eefi_contracts	5a87d20e80, e2ba6043f0
StakingERC721.sol (SEC)	eefi_contracts	5a87d20e80, e2ba6043f0

Audit Synopsis

Severity	Identified	Alleviated	Acknowledged
Major	4	4	0
Medium	8	7	1
Minor	6	5	1
Informational	15	15	0

During the audit, we filtered and validated a total of 3 findings utilizing static analysis tools as well as identified a total of 30 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

pie title Total Issues "Informational" : 15 "Minor" : 6 "Medium" : 8 "Major" : 4

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

EEFI Contracts Security Audit

Audit Overview

Post-Audit Conclusion

Contracts Assessed

Audit Synopsis

Compilation