{"componentChunkName":"component---node-modules-rocketseat-gatsby-theme-docs-core-src-templates-docs-query-js","path":"/manual-review","result":{"data":{"mdx":{"id":"c6958a72-d547-576b-9fcd-ae05524601ea","excerpt":"A  thorough line-by-line review  was conducted on the codebase to identify potential malfunctions and vulnerabilities in Avocado Fund's lending and staking…","fields":{"slug":"/manual-review/"},"frontmatter":{"title":"Manual Review","description":"Briefly describes the output of the manual review of the project.","image":null,"disableTableOfContents":null},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Manual Review\",\n  \"description\": \"Briefly describes the output of the manual review of the project.\"\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"A \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"thorough line-by-line review\"), \" was conducted on the codebase to identify potential malfunctions and vulnerabilities in Avocado Fund's lending and staking system.\"), mdx(\"p\", null, \"As the project at hand implements a combination of a lending and staking system, intricate care was put into ensuring that the \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"flow of funds within the system conforms to the specifications and restrictions\"), \" laid forth within the protocol's specification.\"), mdx(\"p\", null, \"We validated that \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"all state transitions of the system occur within sane criteria\"), \" and that all rudimentary formulas within the system execute as expected. We \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"pinpointed multiple significant vulnerabilities\"), \" within the system which could have had \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"severe ramifications\"), \" to its overall operation; for more information, kindly consult the relevant non-informational exhibits within the audit report.\"), mdx(\"p\", null, \"Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://eips.ethereum.org/\"\n  }, \"ERC / EIP\"), \" standard inconsistencies. The documentation of the project was satisfactory to a great extent, containing extensive in-line documentation as well as function \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"NatSpec\"), \" definitions.\"), mdx(\"p\", null, \"A total of \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"18 findings\"), \" were identified over the course of the manual review of which \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"13 findings\"), \" concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/code-style\"\n  }, \"Code Style\"), \" chapter.\"), mdx(\"p\", null, \"The finding table below enumerates all these security / behavioural findings:\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"ID\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Severity\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Addressed\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Title\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoLending-ALG#ALG-01M\"\n  }, \"ALG-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Slippage Control of Borrow Rate\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoLending-ALG#ALG-02M\"\n  }, \"ALG-02M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Unsustainable Iteration Approach\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoLending-ALG#ALG-03M\"\n  }, \"ALG-03M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-medium\",\n    \"src\": \"https://omniscia.io/report-assets/medium.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Arbitrary Loan Borrow Rate\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoLending-ALG#ALG-04M\"\n  }, \"ALG-04M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-medium\",\n    \"src\": \"https://omniscia.io/report-assets/medium.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Incorrect Loan Repayment Tracking\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoLending-ALG#ALG-05M\"\n  }, \"ALG-05M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-major\",\n    \"src\": \"https://omniscia.io/report-assets/major.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Incorrect Interest Accrual\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoLending-ALG#ALG-06M\"\n  }, \"ALG-06M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-major\",\n    \"src\": \"https://omniscia.io/report-assets/major.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Incorrect Mass Interest Accrual\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoVault-AVT#AVT-01M\"\n  }, \"AVT-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-informational\",\n    \"src\": \"https://omniscia.io/report-assets/informational.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Incorrect Cap Assumption\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoVault-AVT#AVT-02M\"\n  }, \"AVT-02M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Improper Performance Fee Adjustment\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoVault-AVT#AVT-03M\"\n  }, \"AVT-03M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Access Control of Fee Collection\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/AvocadoVault-AVT#AVT-04M\"\n  }, \"AVT-04M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-medium\",\n    \"src\": \"https://omniscia.io/report-assets/medium.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Incorrect Handling of Interest\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/VaultRewards-VRS#VRS-01M\"\n  }, \"VRS-01M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-informational\",\n    \"src\": \"https://omniscia.io/report-assets/informational.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Saturating Subtraction of Emergency Mechanism\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/VaultRewards-VRS#VRS-02M\"\n  }, \"VRS-02M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-minor\",\n    \"src\": \"https://omniscia.io/report-assets/minor.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Inexistent Handling of Cap Breach\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"/reports/avocado-fund-lending-sysetm-69c7e0102001f00016659119/manual-review/VaultRewards-VRS#VRS-03M\"\n  }, \"VRS-03M\")), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-severity o-major\",\n    \"src\": \"https://omniscia.io/report-assets/major.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, mdx(\"img\", {\n    parentName: \"td\",\n    \"className\": \"o-fixed o-yes\",\n    \"src\": \"https://omniscia.io/report-assets/yes.png\"\n  })), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": null\n  }, \"Insecure Boost System\")))));\n}\n;\nMDXContent.isMDXComponent = true;","headings":[]}},"pageContext":{"slug":"/manual-review/","prev":{"label":"Static Analysis","link":"/static-analysis"},"next":{"label":"Code Style","link":"/code-style"}}},"staticQueryHashes":["1954253342","2328931024","2501019404","973074209"]}