Omniscia Plutus DAO Audit
Hedge Vault Security Audit
Audit Report Revisions
| Commit Hash | Date | Audit Report Hash |
|---|---|---|
| eb8a76b31d | December 16th 2024 | 8ad9200177 |
| af82504254 | January 8th 2025 | e4a293ac51 |
Audit Overview
We were tasked with performing an audit of the Plutus DAO codebase and in particular their Hedge Vault EIP-4626 contract.
The implementation represents a basic EIP-4626 vault with pausability features, upgradeability, a total deposit limitation system, as well as a mechanism to extract and return funds from and to the vault for trading / strategy activities.
As the contract implements a centralized trading / strategy resource allocation mechanism, we strongly advise utmost care to be taken in the deployment of the system and the maintenance of the relevant access keys to ensure funds are appropriately allocated and utilized.
Over the course of the audit, we identified several deviations from the EIP-4626 standard all stemming from the various limitations the standard defines that have not been properly overridden in the Hedge Vault implementation.
We advise the Plutus DAO team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The Plutus DAO team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.
We evaluated all alleviations performed by Plutus DAO and have identified that certain exhibits have not been adequately dealt with. We advise the Plutus DAO team to revisit the following exhibits: HVT-03M, HVT-04M
Post-Audit Conclusion (af82504254)
The Plutus DAO team provided us with a follow-up commit hash to evaluate the remediative actions carried out for the two aforementioned open exhibits.
We validated that both exhibits have been alleviated in an exemplary manner, and thus consider all outputs of the audit report properly consumed by the Plutus DAO team with no outstanding remediative actions.
Audit Synopsis
| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
 | 0 | 0 | 0 | 0 |
 | 3 | 3 | 0 | 0 |
 | 1 | 1 | 0 | 0 |
 | 2 | 2 | 0 | 0 |
 | 0 | 0 | 0 | 0 |
During the audit, we filtered and validated a total of 0 findings utilizing static analysis tools as well as identified a total of 6 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.
Total Alleviations
The list below covers each segment of the audit in depth and links to the respective chapter of the report: