Omniscia Euler Finance Audit

SwapHub Security Audit

Audit Overview

We were tasked with auditing the Euler Finance codebase, in particular the latest PR introduced to their main repository. The PR adds support for a "Swap Hub" implementation meant to allow the Euler Finance protocol to perform swaps seamlessly across multiple exchanges through a single point of contact.

Over the course of the audit, we identified some incorrect paradigms in the base swapper implementation as well as an ambiguity in how the swap mode is handled by the codebase that we urge the Euler Finance team to evaluate.

With regard to the audit of the SwapHub module itself, it contained multiple dependencies that were considered out of scope for the engagement, and as such the unitary conversions performed within the contract cannot be adequately audited. We have, however, audited how it interacts with the various Swap-prefixed dependencies of the swapHandlers directory as well as the code's behaviour itself at face value.

We advise the Euler Finance team to closely evaluate all findings of minor severity and above identified in the report and promptly remediate them, as well as to consider all optimization exhibits identified in the report.

Post-Audit Conclusion

The Euler Finance team iterated through all findings identified within the report and provided an elaborate response to each finding, as well as a final commit hash containing all changes made to the codebase to address the findings that were deemed valid.

We evaluated the responses of the Euler Finance team and marked multiple findings as either nullified or acknowledged, ensuring that the project's intentions are adequately reflected in the codebase.

All exhibits have been properly dealt with by the Euler Finance team and no outstanding issues remain in the codebase.

Contracts Assessed

Audit Synopsis

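| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
| Unknown | 5 | 4 | 0 | 1 |
| Informational | 3 | 3 | 0 | 0 |
| Minor | 6 | 2 | 0 | 4 |
| Medium | 0 | 0 | 0 | 0 |
| Major | 0 | 0 | 0 | 0 |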

During the audit, we filtered and validated a total of 4 findings using static analysis tools and identified a total of 10 findings during the manual review of the codebase. We strongly recommend that any findings of minor severity or higher be dealt with promptly prior to the project's launch, as they introduce potential misbehaviours of the system as well as exploits.

Figure (pie chart): Total Issues. Unknown: 5, Informational: 3, Minor: 6, Medium: 0, Major: 0.

The list below covers each segment of the audit in depth and links to the respective chapter of the report: