Omniscia Olive Audit
Liquidity Protocol Security Audit
Audit Overview
We were tasked with performing an audit on the Olive Protocol codebase and in particular their core protocol implementation based on the Tokemak project.
Over the course of the audit we were able to identify certain misbehaviours that we advise the Olive Protocol team to evaluate and potentially remediate to avoid vulnerabilities from arising by improper use of the Tokemak's repurposed system components.
Additionally, we pinpointed several optimizations that can significantly reduce the gas cost of the system across the board and we urge the Olive Protocol team to evaluate along with the vulnerabilities identified within the report.
Post-Audit Conclusion
The Olive Protocol team provided a remediation for most important exhibits outlined in the report and partially alleviated some which we advise them to re-visit, such as MAN-02M.
In the latest update to the codebase, the voting olive implementation has been significantly refactored and an additional veOLIVE
implementation similar to Curve Finance's one has been introduced both of which should not be considered as in scope of the audit.
Contracts Assessed
Audit Synopsis
Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
---|---|---|---|---|
1 | 1 | 0 | 0 | |
3 | 1 | 1 | 1 | |
6 | 5 | 1 | 0 | |
14 | 14 | 0 | 0 |
During the audit, we filtered and validated a total of 6 findings utilizing static analysis tools as well as identified a total of 18 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: