Omniscia Kyber Network Audit
Uniswap V4 Hooks Security Audit
Audit Report Revisions
| Commit Hash | Date | Audit Report Hash |
|---|---|---|
| da9dbb8984 | May 6th 2025 | f725f50dfd |
| 323bfbb2bd | June 24th 2025 | 9aa9175044 |
Audit Overview
We were tasked with performing an audit of the Kyber Network codebase and in particular their novel Uniswap V4 Hook.
The Uniswap V4 hook implementation is meant to introduce the following features to the system:
- Restriction of swaps to a list of whitelisted addresses (i.e. the Kyberswap DEX Aggregator)
- Capture of excess outputs in swaps that would exceed the "fair market rate" of a particular pair
The system will calculate the "fair market rate" utilizing a signature validation mechanism, thereby indicating that this rate will be established utilizing off-chain means.
The capture of excess outputs (termed "Equilibrium Gains) occurs through an IHooks::afterSwap hook denoting the gain to be captured in the unspecified token currency.
As the system supports a one-way exchange rate mechanism, the IHooks::beforeSwap implementation restricts all swaps to represent exact-input swaps, ensuring fees can be appropriately imposed.
Over the course of the audit, we identified that the signature validation mechanism will not validate the sender that consumes the signature nor whether a particular signature has been consumed.
While it can be argued that the sender does not need to be validated, each signature should be consumed as it is meant to impose a maxAmountIn limitation that would be considered ineffective through signature re-use.
We advise the Kyber Network team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The Kyber Network team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.
We evaluated all alleviations performed by Kyber Network and have confirmed that all exhibits have been either adequately addressed or safely acknowledged.
We consider all outputs of the audit report properly consumed by the Kyber Network team with no outstanding remediative actions remaining.
Post-Audit Conclusion (Cont. I)
We evaluated the PancakeSwap KEM implementation and observed that all applicable findings of its Uniswap counterpart have been addressed.
During our analysis, we were able to identify a flaw in the way signature digests are generated.
We advise the Kyber Network team to inspect and promptly alleviate the relevant medium-severity exhibit of the audit report.
Post-Audit Conclusion (Cont. II)
The Kyber Network team evaluated the newly introduced exhibit and substantiated the fact that they do not believe it to be actively exploitable.
After validating that the issue is not applicable due to a difference in the underlying data structures between the Uniswap and PancakeSwap projects, we proceeded with lowering the exhibit's severity to minor.
The Kyber Network team opted to acknowledge the best-practice recommendation of distinguishing digests via project-specific prefixes, rendering all outputs of the audit report properly consumed by the Kyber Network team.
Audit Synopsis
| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
 | 0 | 0 | 0 | 0 |
 | 4 | 2 | 0 | 2 |
 | 2 | 1 | 0 | 1 |
 | 1 | 1 | 0 | 0 |
 | 0 | 0 | 0 | 0 |
During the audit, we filtered and validated a total of 1 findings utilizing static analysis tools as well as identified a total of 6 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.
Total Alleviations
The list below covers each segment of the audit in depth and links to the respective chapter of the report: