Omniscia Powercity Audit
Earn Implementation Security Audit
Audit Report Revisions
| Commit Hash | Date | Audit Report Hash |
|---|---|---|
| c2300d4823 | May 26th 2023 | b473cea1fd |
| 8bedd3b0df | June 21st 2023 | 02211155b7 |
| 8bedd3b0df | June 21st 2023 | 8eec51939c |
| e1d571bb78 | July 18th 2023 | b22261b4ce |
Audit Overview
We were tasked with performing an audit of the PowerCity codebase and in particular their Earn implementation which is a fork of the Liquity system.
The adaptations performed from the original implementation involve the adjustment of the system's gas compensation and minimum net debt variables from 200e18 to 50e18 and from 1800e18 to 450e18 respectively.
The main change that the PowerCity Earn system has implemented is the replacement of the Liquity system's ETH (i.e. native fund) asset with the PLX (PulseX token) asset which is an EIP-20 asset.
To accommodate for this change, the normally-fallback methods of the various Liquity contracts were replaced by a specialized addPulseX function implementation that will extract the PLX tokens from the caller.
All scripts under the Proxy folder of the system were not evaluated as their codebase has been fully commented out.
Over the course of the audit, we identified an invalid adjustment from the original codebase that permits overpayments of debt positions as well as incorrect calculations in the TroveManager system during its recovery mode state that could have been harmful to the protocol's recovery from such a state.
We advise the Powercity team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The Powercity team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.
We evaluated all alleviations performed by Powercity and have identified that certain exhibits have not been adequately dealt with. We advise the Powercity team to revisit the following exhibit which was partially alleviated: LUS-01M
Additionally, a subset of findings were marked as "alleviated" in an internal document shared with us and appear to not have been dealt with in the commit hash we evaluated. These exhibits are: LUS-01C, APL-01C, MTG-01C, TCR-01S, PFD-02S, BOS-01C, BOS-02C
Post-Audit Conclusion (e1d571bb78)
The Powercity team re-assessed exhibit LUS-01M and produced a correct remediation for it. Additionally, the following exhibits have been correctly alleviated in the latest iteration: TCR-01S, BOS-01C, BOS-02C
While certain informational exhibits remain unaddressed, they can be safely acknowledged as they do not pose an active security threat to the protocol.
We consider all outputs of the audit report to have been properly consumed by the Powercity team.
Contracts Assessed
| Files in Scope | Repository | Commit(s) |
|---|---|---|
| Address.sol (ASS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| Address.sol (ASE) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| ActivePool.sol (APL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| AggregatorV3Interface.sol (AVI) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| BaseMath.sol (BMH) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| BorrowerOperations.sol (BOS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| BorrowerWrappersScript.sol (BWS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| BorrowerOperationsScript.sol (BOT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| CheckContract.sol (CCT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| CollSurplusPool.sol (CSP) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| CommunityIssuance.sol (CIE) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| DefaultPool.sol (DPL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| ETHTransferScript.sol (ETH) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| GasPool.sol (GPL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| HintHelpers.sol (HHS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LQTYToken.sol (LQT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LUSDToken.sol (LUS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LQTYStaking.sol (LQY) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LiquityBase.sol (LBE) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LiquityMath.sol (LMH) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LockupContract.sol (LCT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LQTYStakingScript.sol (LQS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LiquitySafeMath128.sol (LSM) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LockupContractFactory.sol (LCF) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| MultiTroveGetter.sol (MTG) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| Ownable.sol (OEL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| PriceFeed.sol (PFD) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| PulseXToken.sol (PXT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| SafeMath.sol (SMH) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| SafeERC20.sol (SER) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| SafeERC20.sol (SEC) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| SortedTroves.sol (STS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| StabilityPool.sol (SPL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| StabilityPoolScript.sol (SPS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| TokenScript.sol (TST) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| TellorCaller.sol (TCR) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| TroveManager.sol (TMR) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| TroveManagerScript.sol (TMS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| Unipool.sol (ULO) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| console.sol (CON) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| test.sol (TES) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
Audit Synopsis
| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
 | 0 | 0 | 0 | 0 |
 | 22 | 8 | 1 | 13 |
 | 7 | 7 | 0 | 0 |
 | 7 | 7 | 0 | 0 |
 | 1 | 1 | 0 | 0 |
During the audit, we filtered and validated a total of 24 findings utilizing static analysis tools as well as identified a total of 13 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: