Omniscia Alliance Block Audit
Payment Portal Security Audit
We were tasked with performing an audit of the Alliance Block payment gateway, a contract meant to safeguard access to a particular set of on-chain and / or off-chain functions based on a combination of a permanent whitelist and a temporary, paid subscription service.
Over the course of the audit we identified multiple shortcomings in the way the pricing mechanism of the contract works that renders it manipulate-able to flash loans and significantly hinders user experience as the price paid for a subscription can significantly alter between a transaction's submission and a transaction's execution within the blockchain network.
We strongly recommend the Alliance Block team to apply remediations to all security-related findings we identified as well as enhance the quality of the codebase by applying the style adjustments and optimizations we have advised.
Files in Scope | Repository | Commit(s) |
---|---|---|
PaymentPortal.sol (PPL) | lmaas-payment | ce46c37909, fbf67587a0 |
During the audit, we filtered and validated a total of 1 findings utilizing static analysis tools as well as identified a total of 15 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: