Omniscia Boson Protocol Audit
Manual Review
A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in Boson Protocol's core implementation, and in particular in the delta between versions 2.2.0 and 2.3.0.
As the project at hand comprises a delta audit of newly introduced functionality in the Boson Protocol system, particular care was taken to ensure that the flow of funds and assets within the system conforms to the specifications and restrictions laid out in the protocol's specification.
We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed multiple vulnerabilities of significant concern within the system which could have had severe ramifications for its overall operation; we urge the Boson Protocol team to evaluate and rectify them as soon as possible.
Additionally, the system was investigated for other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to a great extent, containing extensive in-line documentation throughout the project, properly maintained changelogs, as well as commits and pull requests that are verbose in nature.
A total of 30 findings were identified over the course of the manual review, of which 19 concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.
The table below enumerates all of these security / behavioural findings:
| ID | Severity | Addressed | Title |
|---|---|---|---|
| BVR-01M | | | Inexistent Restriction of Approval for Owner |
| BVR-02M | | | Potentially Malformed Contract Storage Space |
| BVR-03M | | | Inexistent Access Control of Protocol Withdrawals |
| BVR-04M | | | Inexistent Legacy Compatibility of Boson Voucher Premints |
| BVR-05M | | | Inexistent Transfer of Preminted Voucher Ranges |
| BVR-06M | | | Insufficient Protection of Contract Assets |
| BVR-07M | | | Storage Conflict of Beacon Implementation |
| BBS-01M | | | Removal of Bundle Limitations |
| CHF-01M | | | Inexistent Validation of Proper Resolution Period Configuration |
| EHF-01M | | | Breaking Change of Single-Point-of-Entry |
| EHF-02M | | | Restrictive Migration Mechanism |
| EHF-03M | | | Bypass of Token Specific Conditions |
| GBE-01M | | | Insufficient Validation of Conditions |
| PHF-01M | | | Incorrect Revert Condition Specification |
| PIH-01M | | | Inexistent Support of Manual Seller Configuration |
| PIH-02M | | | Insufficient Sanitization of Minimum Resolution Period |
| SBE-01M | | | Restrictive Deployment of Voucher Clone |
| SBE-02M | | | Incorrect Association of Seller ID |
| SHF-01M | | | Incorrect Iterator Usage |