Omniscia SaucerSwap Labs Audit
ERC20 Wrapper Security Audit
Audit Report Revisions
| Commit Hash | Date | Audit Report Hash |
|---|---|---|
| 14802b26cc | August 15th 2025 | 9eb1770a2e |
| 6d473ba094 | August 17th 2025 | 11699c369a |
| 785446ee09 | August 23rd 2025 | 93627b4320 |
| 785446ee09 | August 28th 2025 | e17b5b0168 |
Audit Overview
We were tasked with performing an audit of the SaucerSwap Labs codebase and in particular their ERC20 Wrapper module.
The system is meant to act as a bridge between EIP-20 tokens and the HTS ecosystem by permitting them to be wrapped into HTS token counterparts.
Over the course of the audit, we identified a rounding flaw during initial deposits that should be rectified as well as an overall inflexible design that we believe can be significantly enhanced to eliminate several of the project's known limitations.
We advise the SaucerSwap Labs team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The SaucerSwap Labs team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.
We evaluated all alleviations performed by SaucerSwap Labs and have identified that certain exhibits have not been adequately dealt with. We advise the SaucerSwap Labs team to revisit the following exhibits: ERC-01M, ERC-03M
Additionally, all informational findings are considered acknowledged due to the absence of any remediative action involving them.
Post-Audit Conclusion (785446ee09)
The SaucerSwap Labs team provided us with a follow-up commit to evaluate their revised wrapper implementation.
The revised wrapper implementation has been simplified to the greatest extent possible, greatly minimizing the codebase's size whilst maintaining the core wrapping and unwrapping principle intact.
As a result of this refactor, we evaluated and confirmed that the two remaining ERC-01M and ERC-03M exhibits have been addressed in full.
We consider all outputs of the audit report properly consumed by the SaucerSwap Labs team with no outstanding remediative actions remaining.
Audit Synopsis
| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
 | 0 | 0 | 0 | 0 |
 | 9 | 8 | 0 | 1 |
 | 1 | 1 | 0 | 0 |
 | 2 | 2 | 0 | 0 |
 | 0 | 0 | 0 | 0 |
During the audit, we filtered and validated a total of 1 findings utilizing static analysis tools as well as identified a total of 11 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.
Total Alleviations
The list below covers each segment of the audit in depth and links to the respective chapter of the report: