Omniscia Evergon Labs Audit
Manual Review
Manual Review
A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in Evergon Labs' Omnichain Data Containers implementation.
As the project at hand implements an EIP-7208 omni-chain variant, intricate care was put into ensuring that the flow of funds within the system conforms to the specifications and restrictions laid forth within the protocol's specification and that the various EIP-7208 Data Index, Data Object, and Data Manager implementations properly uphold the EIP standards they are meant to implement.
We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed multiple significant vulnerabilities within the system which could have had severe ramifications to its overall operation; for more information, kindly consult the relevant major-severity exhibits within the audit report as well as the report's summary.
Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to a certain extent, however, we strongly recommend it to be expanded at certain complex points as outlined in the summary of the audit report.
A total of 50 findings were identified over the course of the manual review of which 27 findings concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.
The finding table below enumerates all these security / behavioural findings:
| ID | Severity | Addressed | Title |
|---|---|---|---|
| AML-01M |  |  | Improper Refund Addresses |
| BDO-01M | |  | Potential of Function Failure |
| ERR-01M |  | | Incorrect Batch Burn Implementation |
| ECW-01M | | | Potential Name & Symbol Spoofing |
| ERL-01M | | | Incorrect Burn Implementation |
| ER2-01M | | | Deviation of Specification |
| FEM-01M | | | Incorrect Data Usage |
| FED-01M | | | Incorrect Data Usage |
| FFY-01M | | | Manual Configuration of Name & Symbol |
| FFY-02M |  |  | Improper Refund Addresses |
| FFD-01M |  | | Potential Non-Standard EIP-1155 Behaviour |
| LZC-01M |  | | Potentially Unsupported LayerZero EIDs |
| NFT-01M | | | Insecure Batch Transfer Operations |
| OAS-01M | | | Improper Prefix Specification |
| OBD-01M | | | Improper Refund Address |
| OCH-01M | | | Potentially Improper Callback Handling |
| OFF-01M | | | Incorrect Encoding of Callback Payloads |
| OFF-02M | | | Breach of EIP-1155 Standard |
| OFF-03M | | | Improper Refund Address |
| OFT-01M | | | Incorrect Encoding of Callback Payload |
| OFT-02M | | | Improper Refund Address |
| OIS-01M | | | Incorrect Bitwise Shift of Identifier |
| ONF-01M | | | Incorrect Encoding of Callback Payload |
| ONF-02M | | | Improper Refund Address |
| ONF-03M | | | Unbounded Callback Gas Cost |
| TWT-01M | | | Discrepancy of EIP-1400 Integration |
| TWT-02M | | | Unresolved TODO Comment |