Omniscia Mean Finance Audit
Manual Review
A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in Mean Finance's NFT-based permission system.
As the project at hand implements an NFT-based bitwise permission system, particular care was taken to ensure that the flow of assets and permissions within the system conforms to the specifications and restrictions laid out in the protocol's specification.
We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed a potential flaw in the way permissions are managed for burned NFTs within the system which could lead to a compromise of the NFT's permission system; we urge the Mean Finance team to promptly evaluate and remediate the relevant exhibit.
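The hazard class behind a burned-NFT permission flaw is easier to see in a runnable model than in prose: if permissions are keyed by token ID and stored separately from ownership, nothing automatically revokes them when the token is burned or changes hands, so an operator can keep passing checks against a position its grantor no longer holds. The following Python model is an added example written for this page; it is not Mean Finance's code, the permission bit layout, function names and the two constructed scenarios are assumptions, and the actual exhibit's details are not reproduced here. The `reset_on_lifecycle` flag toggles between the weak behaviour (permissions persist) and the hardened one (permissions cleared on burn and transfer, lookups on non-existent tokens fail).

```python
from __future__ import annotations

from enum import IntFlag


class Permission(IntFlag):
    """Assumed permission bits for illustration; the real contract's bit
    layout is not described on this page."""
    INCREASE = 1 << 0
    REDUCE = 1 << 1
    WITHDRAW = 1 << 2
    TERMINATE = 1 << 3


class PositionNFT:
    """Minimal model of an ERC-721-style position token whose owner grants
    per-token bitwise permissions to operators (hypothetical, not the
    audited contract).

    reset_on_lifecycle=False models the weak design: permission storage is
    never touched by burn or transfer, and lookups do not check that the
    token still exists.
    reset_on_lifecycle=True models the hardened design.
    """

    def __init__(self, reset_on_lifecycle: bool) -> None:
        self.reset_on_lifecycle = reset_on_lifecycle
        self._next_id = 1
        self.owner_of: dict[int, str] = {}
        # (token_id, operator) -> permission bitmask
        self._perms: dict[tuple[int, str], Permission] = {}

    def mint(self, to: str) -> int:
        token_id = self._next_id
        self._next_id += 1
        self.owner_of[token_id] = to
        return token_id

    def _require_owner(self, caller: str, token_id: int) -> None:
        if self.owner_of.get(token_id) != caller:
            raise PermissionError(f"{caller} does not own token {token_id}")

    def set_permissions(self, caller: str, token_id: int, operator: str, mask: int) -> None:
        # Only the current owner may grant or change an operator's bits.
        self._require_owner(caller, token_id)
        self._perms[(token_id, operator)] = Permission(mask)

    def _clear_permissions(self, token_id: int) -> None:
        for key in [k for k in self._perms if k[0] == token_id]:
            del self._perms[key]

    def transfer(self, caller: str, token_id: int, to: str) -> None:
        self._require_owner(caller, token_id)
        self.owner_of[token_id] = to
        if self.reset_on_lifecycle:
            self._clear_permissions(token_id)  # new owner starts clean

    def burn(self, caller: str, token_id: int) -> None:
        self._require_owner(caller, token_id)
        del self.owner_of[token_id]
        if self.reset_on_lifecycle:
            self._clear_permissions(token_id)  # nothing should survive the burn

    def has_permission(self, token_id: int, operator: str, perm: Permission) -> bool:
        # Hardened variant: a burned (non-existent) token grants nothing,
        # regardless of what the permission mapping still holds.
        if self.reset_on_lifecycle and token_id not in self.owner_of:
            return False
        granted = self._perms.get((token_id, operator), Permission(0))
        return bool(granted & perm)


def stale_permission_after_burn(reset_on_lifecycle: bool) -> bool:
    """Constructed scenario: alice grants bob WITHDRAW|REDUCE on her position,
    then burns it. Returns True if bob still passes the WITHDRAW check."""
    nft = PositionNFT(reset_on_lifecycle)
    tid = nft.mint("alice")
    nft.set_permissions("alice", tid, "bob", Permission.WITHDRAW | Permission.REDUCE)
    nft.burn("alice", tid)
    return nft.has_permission(tid, "bob", Permission.WITHDRAW)


def stale_permission_after_transfer(reset_on_lifecycle: bool) -> bool:
    """Constructed scenario: alice grants bob TERMINATE, then transfers the
    position to carol. Returns True if bob still passes the TERMINATE check."""
    nft = PositionNFT(reset_on_lifecycle)
    tid = nft.mint("alice")
    nft.set_permissions("alice", tid, "bob", Permission.TERMINATE)
    nft.transfer("alice", tid, "carol")
    return nft.has_permission(tid, "bob", Permission.TERMINATE)


if __name__ == "__main__":
    print("weak, burn:", stale_permission_after_burn(False))
    print("hardened, burn:", stale_permission_after_burn(True))
    print("weak, transfer:", stale_permission_after_transfer(False))
    print("hardened, transfer:", stale_permission_after_transfer(True))
```

The check a reviewer wants from the real contract is the same one the model makes explicit: every path that ends a token's life or changes its owner must either clear the permission storage for that ID or make the permission lookup fail closed when the token no longer exists, and any downstream contract that trusts `has_permission` must not be reachable for a position whose token has been burned.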
Additionally, the system was investigated for other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The project's documentation was adequate; however, we identified a mismatch between the contract's documentation and its functionality that should be addressed by code changes.
A total of 11 findings were identified over the course of the manual review, of which 6 concerned the behaviour and security of the system. The non-security-related findings, such as optimizations, are included in the separate Code Style chapter.
The finding table below enumerates all these security / behavioural findings:
ID | Severity | Addressed | Title
---|---|---|---
NFT-01M | | | Unsupported Pragma Version Specification
NFT-02M | | | Inexistent Support of Direct Mints
NFT-03M | | | Incorrect Ownership Change Maintenance
PHH-01M | | | Unsupported Pragma Version Specification
PHH-02M | | | Non-Compliant EIP-712 Typehash Definition
PMH-01M | | | Unsupported Pragma Version Specification