Omniscia Mean Finance Audit

Permit2 Adapter Security Audit

Audit Report Revisions

| Commit Hash | Date | Audit Report Hash |
| --- | --- | --- |
| bfc04555e6 | July 14th 2023 | 2995e34ac0 |
| 954ce732c3 | July 24th 2023 | dd7cb251d6 |

Audit Overview

We were tasked with performing an audit of the Mean Finance codebase and in particular their specialized UniversalPermit2Adapter implementation meant to facilitate arbitrary calls and swaps by taking advantage of Permit2.

Over the course of the audit, we identified significant flaws in how the system integrates with Permit2 which would have compromised all permitted funds via on-chain race conditions.

We advise the Mean Finance team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them, as well as to consider all optimization exhibits identified in the report.

Post-Audit Conclusion

The Mean Finance team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.

We evaluated all alleviations performed by Mean Finance and have identified that all exhibits have been adequately dealt with, with no outstanding issues remaining in the report.

Contracts Assessed

| Files in Scope | Repository | Commit(s) |
| --- | --- | --- |
| ArbitraryExecutionPermit2Adapter.sol (AEP) | permit2-adapter | bfc04555e6, 954ce732c3 |
| BasePermit2Adapter.sol (BPA) | permit2-adapter | bfc04555e6, 954ce732c3 |
| Permit2Transfers.sol (PTS) | permit2-adapter | bfc04555e6, 954ce732c3 |
| SwapPermit2Adapter.sol (SPA) | permit2-adapter | bfc04555e6, 954ce732c3 |
| Token.sol (TNE) | permit2-adapter | bfc04555e6, 954ce732c3 |
| UniversalPermit2Adapter.sol (UPA) | permit2-adapter | bfc04555e6, 954ce732c3 |

Audit Synopsis

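| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
| --- | --- | --- | --- | --- |
|  | 0 | 0 | 0 | 0 |
|  | 4 | 1 | 0 | 3 |
|  | 5 | 3 | 0 | 2 |
|  | 2 | 1 | 0 | 1 |
|  | 2 | 2 | 0 | 0 |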

During the audit, we filtered and validated a total of 2 findings utilizing static analysis tools as well as identified a total of 11 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report: