Omniscia Platypus Finance Audit
Core Implementation Security Audit
We were tasked with performing an audit on the Platypus Finance codebase and in particular their novel AMM implementation based on their yellowpaper.
Over the course of the audit, we validated that the formulas from the yellowpaper have been implemented in a mathematically accurate fashion within the Solidity codebase taking into account the inherent constraints of the EVM.
We were able to identify issues in the codebase mostly stemming from incorrect assumptions about the operating environment and assets of the AMM, however, an important flaw in cross-asset liquidity withdrawal was identified that can allow liquidity to be slowly siphoned out of the protocol at no cost.
Additionally, we have noted several optimizations that can be applied to the codebase that we urge the Platypus Finance team to consider. Overall, the codebase has been developed to a high standard and we advise the project's team to evaluate all of our exhibits and apply proper remediations for them to achieve an even higher level of quality.
During the audit, we filtered and validated a total of 2 findings utilizing static analysis tools as well as identified a total of 23 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: