Omniscia Mantissa Finance Audit
Core System Security Audit
Audit Report Revisions
Commit Hash | Date | Audit Report Hash |
---|---|---|
3ae4dc2cc1 | July 26th 2023 | 212644d14a |
418ee413ad | August 1st 2023 | 22d358d271 |
5482fabf5b | August 7th 2023 | 3317002915 |
5482fabf5b | August 12th 2023 | 606b23d095 |
Audit Overview
We were tasked with performing an audit of the Mantissa Finance team and in particular a follow-up round of their algorithmic AMM implementation.
Over the course of the audit, we identified a significant flaw in the voting mechanism of the MasterMantis contract that we urge the Mantissa Finance team to promptly evaluate and rectify.
Given that this audit pertains to a follow-up round, certain exhibits that were acknowledged in the original audit (such as centralization issues or rudimentary input sanitizations) have not been replicated in this report for the sake of brevity.
The novel pool implementations that are meant to support stable and volatile assets remain without any whitepaper associated and as such, we do not consider them adequately audited until the Mantissa Finance team procures a proper whitepaper for us to evaluate these implementations with.
As a final note, we have observed that certain unresolved findings of the original implementation have not been alleviated in this iteration of the codebase. These findings include POO-05M and POO-08M, both of which concern the algorithmic aspect of the AMM implementations.
We advise the Mantissa Finance team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The Mantissa Finance team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.
We evaluated all alleviations performed by Mantissa Finance and have identified an exhibit whose alleviation introduced a new issue in the codebase, an exhibit that can be alleviated to a greater extent as well as an exhibit that was partially alleviated and needs to be carefully reconsidered. These exhibits are MMS-03C, MEC-02M, and PVE-01M respectively and we advise them to be revisited.
Additionally, the following exhibits were either partially alleviated or contain new information that the Mantissa Finance team may find relevant and we advise them to be revisited as well: VGN-02M, MEC-01C.
Post-Audit Conclusion (5482fabf5b)
The Mantissa Finance team revisited exhibits MMS-03C, MEC-02M, and PVE-01M; providing a proper alleviation for MMS-03C in the latest iteration of the codebase while acknowledging the remaining exhibits.
Given that all exhibits have either been adequately acknowledged or alleviated, we consider all outputs of the report properly consumed by the Mantissa Finance team.
Contracts Assessed
Files in Scope | Repository | Commit(s) |
---|---|---|
LP.sol (CON) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
MNTS.sol (MNT) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
Marketplace.sol (MEC) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
MasterMantis.sol (MMS) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
Pool.sol (PLO) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
PoolHelper.sol (PHR) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
PoolVolatile.sol (PVE) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
Rewarder.sol (RRE) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
Vesting.sol (VGN) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
veMNT.sol (MNE) | audit-v2 | 3ae4dc2cc1, 418ee413ad, 5482fabf5b |
Audit Synopsis
| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
| | 5 | 4 | 0 | 1 |
| | 29 | 14 | 1 | 14 |
| | 2 | 1 | 0 | 1 |
| | 0 | 0 | 0 | 0 |
| | 1 | 1 | 0 | 0 |
During the audit, we filtered and validated a total of 5 findings utilizing static analysis tools as well as identified a total of 32 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: