Omniscia 0xPhase Audit
Manual Review
Manual Review
A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in 0xPhase's stablecoin borrowing protocol.
As the project at hand implements a collateralized algorithmic stablecoin borrowing system, intricate care was put into ensuring that the flow of funds & assets within the system conforms to the specifications and restrictions laid forth within the protocol's specification.
We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed multiple logical and language-specific vulnerabilities within the system which could have had severe ramifications to its overall operation.
Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to a certain extent, however, we strongly recommend it to be expanded at certain complex points such as how the Manager treats the higher-bit of a Manager::batchCall as a flag to signify whether native funds should be associated with the call.
A total of 76 findings were identified over the course of the manual review of which 39 findings concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.
The finding table below enumerates all these security / behavioural findings:
| ID | Severity | Addressed | Title |
|---|---|---|---|
| ACB-01M |  |  | Inexistent Initialization of Access Control |
| AUP-01M |  | | Incorrect Implementation of Initialization |
| CLB-01M |  | | Weak Validation of Call Result |
| COE-01M | | | Insecure Calculation of Share Amount |
| COV-01M |  | | Improper Integration of Chainlink Oracles |
| CAV-01M | | | Abnormal Credit Account Behaviour |
| DBV-01M | | | Incorrect Addition of Value |
| DBV-02M | | | Unsafe Type Casting |
| DBV-03M | | | Discrepant Behaviour of NAND Operator |
| DBV-04M | | | Incorrect Arithmetic Operator Methodology |
| DBV-05M | | | Incorrect Logical Operator Methodology |
| DBV-06M | | | Incorrect Removal of Value |
| DLI-01M | | | Inexistent Requirement of Code |
| ERP-01M | | | Significant Deviation of Standard |
| ERV-01M | | | Significant Deviation of Standard |
| FOE-01M | | | Improper Implementation of Oracle |
| ICA-01M | | | Improper Disable of Initializers |
| IPT-01M | | | Improper Disable of Initializers |
| MRE-01M | | | Unsafe Length Cast |
| OBE-01M | | | Inexistent Initialization of Ownership |
| PTV-01M | |  | Inexistent Validation of Allowances |
| SPY-01M | | | Incorrect Implementation of Initialization |
| SLB-01M |  | | Improper Checked Arithmetic |
| SUP-01M | | | Incorrect Implementation of Initialization |
| TV1-01M | | | Inexistent Prevention of Accidental Transfers |
| TV1-02M | | | Incorrect Order of Execution |
| TV1-03M | | | Incorrect Setting Mechanism |
| VAF-01M | | | Improper Relay of Message Value |
| VAF-02M | | | Non-Standard Application of Fee |
| VAF-03M | | | Improper Emergency Mode Checks |
| VBE-01M | | | Unknown Integration Points |
| VBE-02M | | | Dangerous Order of Mathematical Operations |
| VBE-03M | | | Incorrect Definition of Diamond Storage |
| VIR-01M | | | Improper Initializer Definition |
| VLF-01M | | | Unknown Integration Point |
| VLF-02M | | | Accuracy-Loss Prone Convoluted Mathematical Operations |
| VLF-03M | | | Loss of Arithmetic Accuracy |
| VLF-04M | | | Incorrect Rebate Calculation Mechanism |
| VSF-01M | | | Inexistent Sanitization of Variables |