Omniscia Olympus DAO Audit

Manual Review

A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in the version 2 iteration of the Olympus DAO protocol.

As the project implements a complex architecture comprising a three-token system and a bond pricing mechanism, great care was taken to ensure that the flow of funds within the system conforms to the requirements and restrictions laid out in the protocol's specification.

We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed certain misconceptions within the system which could have had severe ramifications for its overall operation if exploited under the right circumstances; however, they were conveyed ahead of time to the Olympus DAO team to be promptly remediated.

Additionally, the system was investigated for other common attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to a certain extent; however, we strongly recommend that it be expanded at certain complex points, such as the mathematical operations surrounding the pricing of debt ratios utilizing the undocumented decode112with18 function.

A total of 73 findings were identified over the course of the manual review, of which 39 concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.

The finding table below enumerates all of these security / behavioural findings:

ID       Severity       Addressed  Title
BDY-01M  Major          No         Improper Bond Price Assumption
BDY-02M  Medium         No         Inexistent Validation of Terms
BDY-03M  Medium         No         Inexplicable Optional Value of Decay
BTR-01M  Major          Yes        Confusion of Value Denominations
BTR-02M  Medium         No         Artificial Inflation Mechanism
BTR-03M  Minor          Yes        Inexistent Redemption of FEO Fees
BTR-04M  Minor          No         Inexistent Validation of Non-Zero Redemption
ERC-01M  Minor          Yes        Non-Standard Mint Implementation
ERP-01M  Medium         Yes        Insecure Elliptic Curve Recovery Mechanism
ERP-02M  Minor          Yes        Cross-Chain Signature Replay Attack Susceptibility
FPT-01M  Major          No         Potentially Invalid Implementation
GOV-01M  Medium         Yes        Improper Governor Renouncation
GOV-02M  Minor          Yes        Incorrect Event Emitted
GOV-03M  Minor          Yes        Potentially Restrictive Functionality
GAA-01M  Informational  Yes        Improper Percentage Documented
GUA-01M  Medium         Yes        Improper Guardian Renouncation
GUA-02M  Minor          Yes        Incorrect Event Emitted
GUA-03M  Minor          Yes        Potentially Restrictive Functionality
OTM-01M  Major          Yes        Improper Integration w/ Uniswap V2
OTM-02M  Medium         Yes        Improper Evaluation of Token Balance
OTM-03M  Medium         Yes        Ungraceful Mint Handling
OTM-04M  Minor          Yes        Potential of Repeat Invocation
OWN-01M  Medium         Yes        Improper Ownership Renouncation
OWN-02M  Minor          Yes        Incorrect Events Emitted
OWN-03M  Minor          Yes        Potentially Restrictive Functionality
SDR-01M  Medium         Yes        Improper Accumulation of Rewards
SDR-02M  Medium         No         Ungraceful Handling of High Adjustment Rates
SDR-03M  Minor          Yes        Inexistent Validation of Entry Validity
SDR-04M  Minor          Yes        Inexistent Validation of Reward Rate
SBC-01M  Major          Yes        Inexistent Validation of Pair Tokens
SBC-02M  Minor          Yes        Incorrect Usage of SafeMath Library
TRE-01M  Major          Yes        Insecure Management of Reserve & Liquidity Tokens
TRE-02M  Major          Yes        Weak Debt Position Validation
TRE-03M  Medium         No         Improperly Valid Case
TRE-04M  Medium         Yes        Inexistent Validation of Token Status
TRE-05M  Minor          No         Potentially Unsafe Primitive Evaluation
VOD-01M  Medium         No         Centralized Sensitive Functionality
OHM-01M  Medium         Yes        Improper State Control of Migration
OEC-01M  Medium         No         Potentially Incorrect Extrapolation of Rebase