Omniscia Dapp Radar Audit
Staking Contracts Security Audit
Audit Overview
We were tasked with performing an audit of the Dapp Radar codebase and in particular their LayerZero-integrating cross-chain staking implementation.
Over the course of the audit, we identified two major cross-chain specific flaws that can significantly compromise the staking system's accounting and cause disproportionate rewards as well as loss of funds.
We advise the Dapp Radar team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The Dapp Radar team has provided remediations for all exhibits outlined in the report and provided supplemental material as to the rationale behind certain acknowledgements that were made with regards to certain exhibits.
Additionally, the SRP-06M exhibit has been nullified due to the desired deployment environment being Fantom. We advise the Dapp Radar team to re-visit SRP-01M as the latest alleviation may cause an issue in future blockchain updates.
Contracts Assessed
Audit Synopsis
Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
---|---|---|---|---|
0 | 0 | 0 | 0 | |
14 | 7 | 0 | 7 | |
4 | 2 | 1 | 1 | |
7 | 7 | 0 | 0 | |
2 | 2 | 0 | 0 |
During the audit, we filtered and validated a total of 6 findings utilizing static analysis tools as well as identified a total of 21 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: