Omniscia Brokoli Network Audit

MetaFi Security Audit

Audit Overview

We were tasked with performing an audit of the Brokoli Network codebase and in particular their MetaFi contracts that implement an ecosystem around a singular token.

Over the course of the audit, we identified several major flaws that we urge Brokoli Network to promptly remediate as they can cause the lottery to malfunction, the refunds to the users to be incorrect, and the total allocation of a pool to never be enforced.

Additionally, we were able to pinpoint multiple optimizations that we advise the Brokoli Network team to consider as they can significantly optimize their system.

Contracts Assessed

Files in ScopeRepositoryCommit(s)
BaseClaim.sol (BCM)contracts-metafi5a8b17561c
BurnableERC20.sol (BER)contracts-metafi5a8b17561c
Claim.sol (CLA)contracts-metafi5a8b17561c
ERC20Seed.sol (ERC)contracts-metafi5a8b17561c
ERC20Util.sol (ERU)contracts-metafi5a8b17561c
ERC721Base.sol (ERB)contracts-metafi5a8b17561c
ERC721Tiers.sol (ERT)contracts-metafi5a8b17561c
Forwarder.sol (FOR)contracts-metafi5a8b17561c
Lottery.sol (LOT)contracts-metafi5a8b17561c
PoolWithTiers.sol (PWT)contracts-metafi5a8b17561c
PoolNftBoosted.sol (PNB)contracts-metafi5a8b17561c
PoolWithLottery.sol (PWL)contracts-metafi5a8b17561c
TokenLock.sol (TLK)contracts-metafi5a8b17561c
VestedClaim.sol (VCM)contracts-metafi5a8b17561c
VestedClaimWithoutCliff.sol (VCW)contracts-metafi5a8b17561c
WhitelistRegistry.sol (WRY)contracts-metafi5a8b17561c
XPFarm.sol (XPF)contracts-metafi5a8b17561c
XPToken.sol (XPT)contracts-metafi5a8b17561c

Audit Synopsis

SeverityIdentifiedAlleviatedPartially AlleviatedAcknowledged
4004
5005
120012
180018

During the audit, we filtered and validated a total of 7 findings utilizing static analysis tools as well as identified a total of 32 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

pie title Total Issues "Major" : 4 "Medium" : 5 "Minor" : 12 "Informational" : 18

The list below covers each segment of the audit in depth and links to the respective chapter of the report: