V2.4.2 Update Security Audit Security Audit

Audit Report Revisions

Audit Overview

We were tasked with performing an audit of the Boson Protocol codebase and in particular their V2.4.2 code update.

Specifically, we validated the following changes:

• Support for price range based fees per token
• Refactor of offer fulfilment to escrow in all circumstances so as to simplify logic
• Alleviation of potential voucher silent mint misbehaviour resulting in buyer fund loss (griefing attack vector)
• Support for non-zero prices of price discovery offers via enforcement of buyerCancelPenalty coverage during order fulfilment
• Introduction and integration of two new pausable regions

Over the course of the audit, we identified did not identify any non-informational issues within the codebase and instead made some inconsistency observations as well as optimization recommendations.

We advise the Boson Protocol team to evaluate all informational findings identified in the report and consider addressing them so as to maintain the code's high quality standard.

Post-Audit Conclusion

The Boson Protocol team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.

We evaluated all alleviations performed by Boson Protocol and have identified that all exhibits have been adequately dealt with no outstanding issues remaining in the report.

Audit Synopsis

Severity	Identified	Alleviated	Partially Alleviated	Acknowledged
	0	0	0	0
	5	5	0	0
	0	0	0	0
	0	0	0	0
	0	0	0	0

During the audit, we filtered and validated a total of 0 findings utilizing static analysis tools as well as identified a total of 5 findings during the manual review of the codebase.

Total Alleviations

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

• 🎯 Scope
• 💻 Compilation
• 🔍 Static Analysis
• 👁️ Manual Review
• 🖋️ Code Style