Omniscia Badai Tech Audit
Staking System Security Audit
Audit Report Revisions
| Commit Hash | Date | Audit Report Hash |
|---|---|---|
| 48f89235a2 | January 6th 2025 | ec1fcc4039 |
| d639d227f8 | January 8th 2025 | 1ab8c5dc69 |
| 2ef12e6885 | January 14th 2025 | c594dd0beb |
Audit Overview
We were tasked with performing an audit of the Badai Tech codebase and in particular their staking system.
The project implements an index pool implementation permitting a token to be burned to acquire a portion of the balances that the pool holds.
Additionally, a Synthetix-like staking mechanism is introduced with a novel checkpoint system that permits different rewards to be distributed per period between checkpoints.
Over the course of the audit, we identified a critical issue in the IndexPool implementation that utilized skewed proportions for its distribution mechanism.
We advise the Badai Tech team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The Badai Tech team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.
We evaluated all alleviations performed by Badai Tech and have identified that a particular exhibit might require follow-up remediative action. We advise the Badai Tech team to revisit the following exhibit: IPL-01M
Additionally, the following informational findings remain unaddressed and should be revisited: IPL-04C, BAI-02C, AIK-02C
Post-Audit Conclusion (2ef12e6885)
The Badai Tech team provided us with a new commit hash to evaluate their follow-up remediations for the IPL-01M and IPL-04C exhibits.
We confirmed that the relevant exhibits have been properly addressed in full, and additionally assimilated the new GitHub feedback provided on the BAI-02C and AIK-02C issues within their respective exhibits.
We consider all outputs of the audit report properly consumed by the Badai Tech team with no outstanding remediative action remaining.
Audit Synopsis
| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
 | 0 | 0 | 0 | 0 |
 | 22 | 21 | 0 | 1 |
 | 2 | 2 | 0 | 0 |
 | 0 | 0 | 0 | 0 |
 | 1 | 1 | 0 | 0 |
During the audit, we filtered and validated a total of 7 findings utilizing static analysis tools as well as identified a total of 18 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.
Total Alleviations
The list below covers each segment of the audit in depth and links to the respective chapter of the report: