Omniscia Powercity Audit

Earn Implementation Security Audit

Audit Report Revisions

| Commit Hash | Date | Audit Report Hash |
|---|---|---|
| c2300d4823 | May 26th 2023 | b473cea1fd |
| 8bedd3b0df | June 21st 2023 | 02211155b7 |
| 8bedd3b0df | June 21st 2023 | 8eec51939c |
| e1d571bb78 | July 18th 2023 | b22261b4ce |

Audit Overview

We were tasked with performing an audit of the PowerCity codebase and, in particular, their Earn implementation, which is a fork of the Liquity system.

The adaptations made to the original implementation adjust the system's gas compensation and minimum net debt variables from 200e18 to 50e18 and from 1800e18 to 450e18 respectively.

The main change that the PowerCity Earn system has implemented is the replacement of the Liquity system's ETH (i.e. native fund) asset with the PLX (PulseX token) asset, which is an EIP-20 asset.

To accommodate this change, the methods that are normally fallback functions in the various Liquity contracts were replaced by a specialized addPulseX function that extracts the PLX tokens from the caller.
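The change described above, sketched as an added example that is not PowerCity or Liquity source code: a pool that credits collateral from `msg.value` in a payable `receive()` next to one that pulls an EIP-20 token in `addPulseX`. The contract names, the `addPulseX(uint256)` signature, the access check and the Solidity version are assumptions.

```solidity
// SPDX-License-Identifier: MIT
// Added illustration, not PowerCity or Liquity source. Contract names, the
// addPulseX(uint256) signature and the access check are assumptions.
pragma solidity ^0.8.19;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Native-asset style: the EVM moves the funds and msg.value is the amount,
// so the pool only has to authenticate the sender and update its accounting.
contract NativePool {
    address public immutable borrowerOperations;
    uint256 public collateral;

    constructor(address _borrowerOperations) {
        borrowerOperations = _borrowerOperations;
    }

    receive() external payable {
        require(msg.sender == borrowerOperations, "NativePool: caller not allowed");
        collateral += msg.value;
    }
}

// EIP-20 style: the amount is a caller-supplied argument, so the pool must
// pull the tokens itself and confirm what arrived before crediting it.
contract TokenPool {
    IERC20 public immutable plx;
    address public immutable borrowerOperations;
    uint256 public collateral;

    constructor(IERC20 _plx, address _borrowerOperations) {
        plx = _plx;
        borrowerOperations = _borrowerOperations;
    }

    function addPulseX(uint256 amount) external {
        require(msg.sender == borrowerOperations, "TokenPool: caller not allowed");
        uint256 balanceBefore = plx.balanceOf(address(this));
        require(plx.transferFrom(msg.sender, address(this), amount), "TokenPool: transfer failed");
        require(plx.balanceOf(address(this)) - balanceBefore == amount, "TokenPool: short transfer");
        collateral += amount;
    }
}
```

The caller must have approved the pool for `amount` beforehand. A token that returns no boolean from `transferFrom` would need a SafeERC20-style wrapper instead of the bare `require`.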

All scripts under the Proxy folder of the system were not evaluated as their codebase has been fully commented out.

Over the course of the audit, we identified an invalid adjustment from the original codebase that permits overpayments of debt positions as well as incorrect calculations in the TroveManager system during its recovery mode state that could have been harmful to the protocol's recovery from such a state.

We advise the Powercity team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.

Post-Audit Conclusion

The Powercity team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.

We evaluated all alleviations performed by Powercity and have identified that certain exhibits have not been adequately dealt with. We advise the Powercity team to revisit the following exhibit, which was partially alleviated: LUS-01M.

Additionally, a subset of findings were marked as "alleviated" in an internal document shared with us but appear not to have been dealt with in the commit hash we evaluated. These exhibits are: LUS-01C, APL-01C, MTG-01C, TCR-01S, PFD-02S, BOS-01C, BOS-02C.

Post-Audit Conclusion (e1d571bb78)

The Powercity team re-assessed exhibit LUS-01M and produced a correct remediation for it. Additionally, the following exhibits have been correctly alleviated in the latest iteration: TCR-01S, BOS-01C, BOS-02C.

While certain informational exhibits remain unaddressed, they can be safely acknowledged as they do not pose an active security threat to the protocol.

We consider all outputs of the audit report to have been properly consumed by the Powercity team.

Contracts Assessed

| Files in Scope | Repository | Commit(s) |
|---|---|---|
| Address.sol (ASS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| Address.sol (ASE) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| ActivePool.sol (APL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| AggregatorV3Interface.sol (AVI) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| BaseMath.sol (BMH) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| BorrowerOperations.sol (BOS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| BorrowerWrappersScript.sol (BWS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| BorrowerOperationsScript.sol (BOT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| CheckContract.sol (CCT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| CollSurplusPool.sol (CSP) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| CommunityIssuance.sol (CIE) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| DefaultPool.sol (DPL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| ETHTransferScript.sol (ETH) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| GasPool.sol (GPL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| HintHelpers.sol (HHS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LQTYToken.sol (LQT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LUSDToken.sol (LUS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LQTYStaking.sol (LQY) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LiquityBase.sol (LBE) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LiquityMath.sol (LMH) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LockupContract.sol (LCT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LQTYStakingScript.sol (LQS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LiquitySafeMath128.sol (LSM) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| LockupContractFactory.sol (LCF) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| MultiTroveGetter.sol (MTG) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| Ownable.sol (OEL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| PriceFeed.sol (PFD) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| PulseXToken.sol (PXT) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| SafeMath.sol (SMH) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| SafeERC20.sol (SER) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| SafeERC20.sol (SEC) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| SortedTroves.sol (STS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| StabilityPool.sol (SPL) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| StabilityPoolScript.sol (SPS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| TokenScript.sol (TST) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| TellorCaller.sol (TCR) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| TroveManager.sol (TMR) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| TroveManagerScript.sol (TMS) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| Unipool.sol (ULO) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| console.sol (CON) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |
| test.sol (TES) | EarnProtocol-Contracts | c2300d4823, 8bedd3b0df, e1d571bb78 |

Audit Synopsis

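| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
| | 0 | 0 | 0 | 0 |
| | 22 | 8 | 1 | 13 |
| | 7 | 7 | 0 | 0 |
| | 7 | 7 | 0 | 0 |
| | 1 | 1 | 0 | 0 |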

During the audit, we filtered and validated a total of 24 findings utilizing static analysis tools as well as identified a total of 13 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report: