Omniscia Platypus Finance Audit
Governance Staking Implementation Security Audit
We were tasked with performing an audit on the Platypus Finance codebase and in particular their governance and staking implementations.
The system is composed of a typical ERC-20 token representing the native token of the platform as well as two upgrade-able components representing the staking counterpart of the said token as well as the SushiSwap-like staking implementation of Platypus.
The SushiSwap based staking implementation differs from the original by retaining a diluting and non-diluting portion when assessing the rewards of each individual based on their staked Platypus balance.
Over the course of the audit, we identified a vulnerability in the governance implementation that renders it partially prone to manipulation via well-funded parties and should be remediated as soon as possible. The Platypus team proceeded with making the appropriate changes to the voting power evaluations to address this issue.
Additionally, we identified some minor and medium issues that we advise the Platypus Finance team to consider along with all optimizations we have recommended. Overall, the codebase has been developed to an adequate standard but can be enhanced by streamlining the comment style across all functions in the codebase.
During the audit, we filtered and validated a total of 4 findings utilizing static analysis tools as well as identified a total of 23 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: