Omniscia GoGo Audit
Staking Rewards Security Audit
We were tasked with auditing the codebase of GoGo and in particular their LP staking implementation based on Synthetix and including a unique NFT boost mechanism.
Over the course of the audit we were able to pinpoint a potential misbehaviour in the exit-by-loss function which can cause the withdrawal to fail.
We strongly recommend the GoGo team to remediate the vulnerability identified within the report as well as consider our gas optimization findings to achieve a codebase of even greater quality.
Files in Scope | Repository | Commit(s) |
---|---|---|
RewardsDistributionRecipient.sol (RDR) | gogo-contracts | 319a9c079a, f4ded575ae, 431a0634f7 |
StakingRewardsLP.sol (SRL) | gogo-contracts | 319a9c079a, f4ded575ae, 431a0634f7 |
During the audit, we filtered and validated a total of 2 findings utilizing static analysis tools as well as identified a total of 3 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: