Omniscia Parabola Finance Audit

Core Implementation Security Audit

Audit Overview

We were tasked with auditing the codebase of Parabola Finance and in particular their core protocol implementation composed of multiple components from various projects including stable swaps, staking implementations and a unique multi-token staking mechanism.

Over the course of the audit we identified certain deviations from the original codebases that we strongly advise the Parabola Finance team to evaluate and we were able to identify a potential vulnerability in the multi-token staking implementation depending on its configuration.

Overall, the codebase is composed of multiple forked codebases that have been battle tested and as such can be considered to inherit the security traits of those systems. We performed a complete analysis of the codebase including a delta evaluation between the original codebases and we identified minimal changes that do not affect the core logic of each system to a degree that introduces vulnerabilities.

Post-Audit Conclusion

The Parabola team decided to not apply remediations for most of the findings identified within the report, solely focusing their remediation efforts on the MultiStakignRewards contract.

The codebase of the said contract was slightly refactored and as such the latest iteration does not support the same functionalities as the original one and introducing new concepts. As such, the newly introduced code should not be considered in scope of the audit.

We strongly advise the Parabola team to remediate all findings identified within the report to achieve a high security standard.

Contracts Assessed

Files in Scope	Repository	Commit(s)
Dashboard.sol (DAS)	parabola-protocol-audit	9ea621461d, d6503760d5
LPToken.sol (LPT)	parabola-protocol-audit	9ea621461d, d6503760d5
MathUtils.sol (MUS)	parabola-protocol-audit	9ea621461d, d6503760d5
MultiStakingRewards.sol (MSR)	parabola-protocol-audit	9ea621461d, d6503760d5
ParaSwap.sol (PSP)	parabola-protocol-audit	9ea621461d, d6503760d5
ParaToken.sol (PTN)	parabola-protocol-audit	9ea621461d, d6503760d5
ParaMaster.sol (PMR)	parabola-protocol-audit	9ea621461d, d6503760d5
ParaSwapUtils.sol (PSU)	parabola-protocol-audit	9ea621461d, d6503760d5

Audit Synopsis

Severity	Identified	Alleviated	Acknowledged
Major	0	0	0
Medium	4	0	4
Minor	4	1	3
Informational	6	0	6

During the audit, we filtered and validated a total of 1 findings utilizing static analysis tools as well as identified a total of 13 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

pie title Total Issues "Informational" : 6 "Minor" : 4 "Medium" : 4 "Major" : 0

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

Core Implementation Security Audit

Audit Overview

Post-Audit Conclusion

Contracts Assessed

Audit Synopsis

Compilation