Omniscia Euler Audit

Merkle Mining Staking Security Audit

Audit Overview

We were tasked with performing an audit on the Euler codebase and in particular their merkle-proof based mining implementation and simple staking contract.

Over the course of the audit, we identified the absence of certain best security practices that we advise the Euler team to consider and integrate in the codebase.

Additionally, we pinpointed several optimizations that can be applied to the codebase that we urge the Euler team to evaluate as they can significantly optimize frequently-used functions of the system.

Post-Audit Conclusion

After discussion with the Euler team, we identified certain findings that have been nullified as they were deemed either invalid or not optimizational.

The Euler team alleviated all other exhibits and provided a formulated response to each one that remained un-alleviated.

We should note that in the latest round of changes the Euler team removed the visibility specifier off the now-named userStaked variable of EulStakes which we advise to be re-introduced.

Contracts Assessed

Audit Synopsis

SeverityIdentifiedAlleviatedPartially AlleviatedAcknowledged
0000
0000
4004
8404

During the audit, we filtered and validated a total of 4 findings utilizing static analysis tools as well as identified a total of 8 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

pie title Total Issues "Major" : 0 "Medium" : 0 "Minor" : 4 "Informational" : 8

The list below covers each segment of the audit in depth and links to the respective chapter of the report: