Omniscia Boson Protocol Audit
Manual Review
A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in Boson Protocol's specialized voucher system based on the Diamond standard.
As the project at hand implements a Diamond-standard based specialized voucher system, intricate care was put into ensuring that the flow of assets & funds within the system conforms to the specifications and restrictions laid forth within the protocol's specification, that the codebase resembles the original V1 implementation in execution flows, and that the various components of the Diamond standard properly interact with one another.
We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed multiple misbehaviours and potential vulnerabilities within the system which could have had moderate-to-severe ramifications to its overall operation under edge-case circumstances; however, they were conveyed ahead of time to the Boson Protocol team to be promptly remediated.
Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to a great extent; however, the terminology used around certain modules such as the "twin", "bundle", and "group" terms can become slightly ambiguous, and we advise that a "glossary" of terms be provided within the repository to better aid the code's legibility.
A total of 57 findings were identified over the course of the manual review, of which 21 findings concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.
The finding table below enumerates all these security / behavioural findings:
ID | Title |
---|---|
ACR-01M | Potentially Incorrect Dependency Usage |
ACR-02M | Circular Access Control Dependency |
BCS-01M | Potentially Incorrect Type-Hash Definitions |
BVR-01M | Inexistent Prevention of Self-Transfer |
BBS-01M | Inexistent Validation of Valid Bundle Creation |
CLB-01M | Potentially Discrepant Access Control |
CHF-01M | Potentially Overly Centralized Configuration Control |
CHF-02M | Inexistent Validation of Numeric Configuration |
DBE-01M | Potentially Misleading Validation Comments |
EIP-01M | Inexistent Validation of Meta-TX Sender Validity |
EIP-02M | Improper Domain Separator Retrieval |
EIP-03M | Insecure Elliptic Curve Recovery Mechanism |
EHF-01M | Improper Invocation of EIP-20 transfer |
FHF-01M | Inexistent Validation of Token Type |
GBE-01M | Inexistent Validation of Group Entries |
GBE-02M | Insufficient Evaluation of maxOffersPerGroup |
MTH-01M | Account Agnostic Nonce System |
OBE-01M | Inexistent Validation of Proper Voucher Redemption Setup |
OHF-01M | Inexistent Re-Entrancy Protection |
PBS-01M | Potentially Unsafe Existence Check |
SBE-01M | Potential of Race Condition in Seller Creation |