Omniscia AllianceBlock Audit
Token Implementation Security Audit
Audit Overview
We were tasked with performing an audit of the AllianceBlock codebase and in particular their new token implementation meant to represent an upgradeable, mintable, snapshot-compliant token implementation using multiple industry-standard dependencies.
Over the course of the audit, we identified certain optimizations that we believe AllianceBlock will find of value as the token will presumably undergo a vast distribution phase which will require multiple mint operations to be performed.
We would like to note that while viable, the current batchMint operation would require a significant number of transactions and thus cost to actually distribute the token to the original ALBT token holders. As an alternative, we advise Merkle-Proof based systems to be evaluated and potentially applied, offsetting the cost to the end-user / claimer.
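The Merkle-proof alternative mentioned above, sketched as an added example (not AllianceBlock's or Omniscia's code): the distributor stores only a root and a claimed set, and each holder submits their own proof. SHA-256 stands in for keccak256, and the function names, the index-based leaf layout and the snapshot values are assumptions constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # assumed stand-in for keccak256

def leaf(index: int, account: str, amount: int) -> bytes:
    # 0x00 prefix: leaves are hashed in a different domain than internal nodes,
    # so an internal node can never be presented as a (index, account, amount) leaf.
    return h(b"\x00" + index.to_bytes(32, "big") + bytes.fromhex(account[2:])
             + amount.to_bytes(32, "big"))

def node(a: bytes, b: bytes) -> bytes:
    # Sorted-pair hashing: a proof is a plain list of siblings, no left/right flags.
    return h(b"\x01" + min(a, b) + max(a, b))

def build_levels(leaves):  # an unpaired last node is promoted unchanged
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def proof_for(levels, i):
    proof = []
    for level in levels[:-1]:
        if (i ^ 1) < len(level):  # sibling exists at this level
            proof.append(level[i ^ 1])
        i //= 2
    return proof

class Distributor:
    """Models the on-chain side: one stored root, one claimed flag per index."""
    def __init__(self, root):
        self.root, self.claimed, self.balances = root, set(), {}
    def claim(self, index, account, amount, proof):
        if index in self.claimed:  # reject a second claim of the same entry
            return False
        acc = leaf(index, account, amount)
        for sibling in proof:
            acc = node(acc, sibling)
        if acc != self.root:  # wrong account, amount, index or proof
            return False
        self.claimed.add(index)
        self.balances[account] = self.balances.get(account, 0) + amount
        return True

# Constructed sample snapshot of legacy holders: (account, amount)
SNAPSHOT = [("0x" + "11" * 20, 500), ("0x" + "22" * 20, 1200), ("0x" + "33" * 20, 75)]
LEVELS = build_levels([leaf(i, a, amt) for i, (a, amt) in enumerate(SNAPSHOT)])
ROOT = LEVELS[-1][0]
```

The issuer publishes one root regardless of holder count, and the per-claim verification cost grows with the proof length (logarithmic in the number of holders) and is paid by the claimer.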
We advise the AllianceBlock team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
On a final note, the audit covered only the new AllianceBlock token and did not cover any distribution scheme and / or mechanism that AllianceBlock will make use of to re-distribute NXRA tokens to legacy ALBT holders.
The token contains a manual batchMint mechanism and it is up to AllianceBlock's operational security to guarantee that the minting capabilities are not transferred to an incorrect party and / or that the distribution scheme is honored (i.e. certain holder(s) do not have any tokens minted).
Post-Audit Conclusion
The AllianceBlock team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.
We evaluated all alleviations performed by AllianceBlock and have identified that all exhibits have been adequately dealt with, with no outstanding issues remaining in the report.
Contracts Assessed
Files in Scope | Repository | Commit(s) |
---|---|---|
AllianceBlockToken.sol (ABT) | AllianceBlock-Contracts | 0c2b952f1e, 5bde836b59, cba978de9f |
Audit Synopsis
Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
---|---|---|---|---|
0 | 0 | 0 | 0 | |
7 | 7 | 0 | 0 | |
1 | 1 | 0 | 0 | |
0 | 0 | 0 | 0 | |
0 | 0 | 0 | 0 |
During the audit, we filtered and validated a total of 2 findings utilizing static analysis tools as well as identified a total of 6 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: