Omniscia Kyo Finance Audit

Reward Voting Infrastructure Security Audit

Audit Report Revisions

Commit Hash    Date                 Audit Report Hash
f81bf7a861     January 10th 2025    f24e1f117e
17c8d4e59f     January 28th 2025    e7f2ad9d30
9bcc31960d     February 7th 2025    4f04efe12d

Audit Overview

We were tasked with performing an audit of the Kyo Finance codebase, and in particular its Reward & Voting Infrastructure module, which integrates with Uniswap V2-like and Uniswap V3-like AMMs.

The system employs a highly granular token stream design intended to ease maintainability, splitting logic between inflow contracts (i.e. TokenStreamConsumer and its derivatives) and outflow contracts (i.e. TokenStreamEmitter and its derivatives).

We have provided an analysis of this approach in the dedicated Codebase Maturity Evaluation chapter of the Code Style section of the audit report. In short, we strongly advise the Kyo Finance team to consider refactoring the codebase, especially given its limited use of multi-token reward systems, so that the code is not adversely affected by this compartmentalization of function implementations.

Beyond the general concerns raised in the aforementioned chapter, we identified several major and medium severity exhibits in the audit report that stem from complex multi-contract interactions; the medium severity exhibits originate directly from the compartmentalization concerns described above.

Specifically:

  • We observed that the StakingMath contract was incorrectly calculating claimable balances by double-counting any balance owed
  • We identified that the last update time of a token was improperly consumed on the first interaction by the SmoothTokenStreamConsumer curve formula implementation
  • We validated that the distribution mechanism of the TokenStreamSplitter would incorrectly skip poking a user's state if no rewards had been distributed at the time the interaction was performed
  • We noted that the system's transient-storage-based caching system across both inflow and outflow token stream implementations relies on hidden assumptions that derivative implementations might violate

During our review of the codebase, we confirmed that the Uniswap V2 gauge correctly captures LP-based fees through a novel use of the constant-product (K) invariant, specifically its property of monotonically increasing as swap fees are retained in an AMM pool's reserves.
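To make the K-product fee-capture idea concrete, the following Python model is an added example for this page; it is neither Kyo Finance's gauge nor Uniswap's code. It assumes a toy constant-product pool with a 0.3% swap fee retained in the reserves (Uniswap V2's default) and shows the check a practitioner would want before trusting such a gauge: a plain liquidity deposit also grows k, so the gauge has to checkpoint sqrt(k) per LP token rather than raw k, because only fee accrual moves sqrt(k)/totalSupply.

```python
import math
from fractions import Fraction

FEE_BPS = 30  # 0.3 % swap fee, kept in the reserves as in Uniswap V2 (assumption)


class CpPool:
    """Toy constant-product pool (x * y = k).

    Constructed for this example only; it is neither Uniswap's pair contract
    nor Kyo Finance's gauge.
    """

    def __init__(self, x, y):
        self.x = Fraction(x)
        self.y = Fraction(y)
        # Uniswap V2 mints sqrt(x*y) LP tokens on the first deposit
        # (MINIMUM_LIQUIDITY is ignored in this model).
        self.total_supply = Fraction(math.isqrt(int(x * y)))

    def k(self):
        return self.x * self.y

    def swap_x_for_y(self, dx):
        """Sell dx of X. The fee part of dx stays in the reserves, so k grows."""
        dx = Fraction(dx)
        dx_after_fee = dx * (10_000 - FEE_BPS) / 10_000
        dy = self.y * dx_after_fee / (self.x + dx_after_fee)
        self.x += dx
        self.y -= dy
        return dy

    def add_liquidity(self, dx):
        """Proportional deposit: reserves and LP supply grow, k grows, no fee earned."""
        ratio = Fraction(dx) / self.x
        minted = self.total_supply * ratio
        self.x += Fraction(dx)
        self.y += self.y * ratio
        self.total_supply += minted
        return minted


def sqrt_k_per_lp(pool):
    """The quantity a gauge should checkpoint: sqrt(k) normalised by LP supply."""
    return math.sqrt(pool.k()) / float(pool.total_supply)


def fee_share_naive(k_before, k_now):
    """Share of the pool attributed to fees if raw k growth alone is trusted."""
    return 1.0 - math.sqrt(k_before / k_now)


def fee_share(s_before, s_now):
    """Share of the pool that is fee income since the checkpoint.

    sqrt(k)/totalSupply is unchanged by proportional mints and burns and only
    rises when fees are retained, so this measure survives liquidity changes.
    """
    return 1.0 - s_before / s_now


def demo():
    pool = CpPool(1_000_000, 1_000_000)
    k0, s0 = float(pool.k()), sqrt_k_per_lp(pool)

    # 1) A deposit grows k although nobody paid a fee.
    pool.add_liquidity(100_000)
    after_deposit = (fee_share_naive(k0, float(pool.k())),
                     fee_share(s0, sqrt_k_per_lp(pool)))

    # 2) A swap: 0.3 % of 10,000 X = 30 X is retained by the pool.
    k1, s1 = float(pool.k()), sqrt_k_per_lp(pool)
    pool.swap_x_for_y(10_000)
    after_swap = (fee_share_naive(k1, float(pool.k())),
                  fee_share(s1, sqrt_k_per_lp(pool)))

    # Cross-check against the fee actually retained: 30 X out of a pool
    # worth roughly 2 * x in units of X.
    expected = 30 / (2 * float(pool.x))
    return after_deposit, after_swap, expected
```

Calling demo() returns three values: after the deposit the naive measure reports about 9% "fee income" while the normalised measure reports zero; after the swap both agree and match the 30 X actually retained to within rounding. Uniswap V2's own protocol-fee accounting relies on the same observation, comparing sqrt(k) against the value recorded at the last mint or burn so that liquidity changes are never counted as fees.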

The Uniswap V3 equivalent of the gauge takes a similar approach, albeit via direct changes to the UniswapV3Pool implementation itself: fees are captured in the form of the underlying tokens and transferred directly to the contract itself, so the mechanism no longer relies on the pool's K product.

From a documentation perspective, the reward-per-second calculations of the SmoothTokenStreamConsumer contract were inadequately covered and have been marked as such, with a notice that they are to be re-evaluated once the Kyo Finance team provides us with supplemental documentation.

We advise the Kyo Finance team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them, as well as to consider all optimization-related exhibits identified in the report.

Post-Audit Conclusion

The Kyo Finance team iterated through all findings within the report and provided us with a revised commit hash against which to evaluate all exhibits.

We evaluated all alleviations performed by Kyo Finance and identified that a single exhibit has not been adequately dealt with. We advise the Kyo Finance team to revisit the following exhibit: ERC-01M.

Additionally, we observed that a significant portion of the optimization-related exhibits we advised has not been incorporated into the codebase.

As the transient-storage-based caching system was introduced to lower gas costs, we urge the Kyo Finance team to reconsider all optimizations advised within the audit report, as they can yield significant gas savings.

Post-Audit Conclusion (9bcc31960d)

The Kyo Finance team provided us with a follow-up commit hash containing an alleviation for the last pending manual-review item in the audit report, ERC-01M.

We confirmed that the finding has been fully alleviated, and consider all outputs of the audit report properly consumed by the Kyo Finance team.

Audit Synopsis

Severity         Identified    Alleviated    Partially Alleviated    Acknowledged
Unknown          0             0             0                       0
Informational    35            2             0                       33
Minor            5             4             0                       1
Medium           3             3             0                       0
Major            3             3             0                       0

During the audit, we filtered and validated a total of 7 findings utilizing static analysis tools and identified a total of 39 findings during the manual review of the codebase. We strongly recommend that any findings of minor severity or higher are dealt with promptly prior to the project's launch, as they can introduce potential misbehaviours of the system as well as exploits.

Total Alleviations

The list below covers each segment of the audit in depth and links to the respective chapter of the report: