Omniscia Mean Finance Audit
Oracle Module Security Audit
Audit Overview
We were tasked with performing an audit of the Mean Finance codebase and in particular their oracle implementation meant to support the Mean Finance ecosystem in querying relative price points for various asset pairs.
Over the course of the audit, we identified several edge-cases as well as centralization vectors that could impact the health of the protocol significantly albeit under very specific circumstances that are hard to attain in a production environment.
We advise the Mean Finance team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The Mean Finance team provided us with a response to each exhibit independently and we developed discussions revolving around exhibits that were deemed unclear and / or required our feedback on how they can be adequately alleviated.
Once all discussion points were finalized, the Mean Finance team provided us with a commit hash as well as response-per-exhibit detailing which exhibits were dealt with as well as which were left as acknowledged based on additional rationale provided by the Mean Finance team.
Overall, all exhibits have either been sufficiently dealt with or have had additional context provided to deem them as "acknowledged".
Contracts Assessed
Audit Synopsis
| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
 | 4 | 2 | 0 | 2 |
 | 7 | 3 | 0 | 4 |
 | 5 | 3 | 0 | 2 |
 | 0 | 0 | 0 | 0 |
 | 0 | 0 | 0 | 0 |
During the audit, we filtered and validated a total of 2 findings utilizing static analysis tools as well as identified a total of 14 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: