Omniscia SaucerSwap Audit

Periphery Security Audit

Audit Report Revisions

Commit HashDateAudit Report Hash
dab89c19a6July 30th 2023a63c5489b7
d8d187efd1August 29th 2023f94398e54e
92f8d9f89fSeptember 9th 202373ce277d7b
ab9210c4a1September 25th 20239d386f8810
ab9210c4a1September 27th 20239cc43cb27c

Audit Overview

We were tasked with performing an audit of the SaucerSwap codebase and in particular their periphery implementation that derives from the original Uniswap V3 implementation.

Over the course of the audit, we identified multiple points whereby the Hedera Protocol has not been properly integrated with within the TransferHelper which lies at the core of the AMM's transfer flows and thus constitutes a significant vulnerability.

We advise the SaucerSwap team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.

Post-Audit Conclusion

The SaucerSwap team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.

We evaluated all alleviations performed by SaucerSwap and have identified that a single exhibit has not been adequately dealt with. We advise the SaucerSwap team to revisit the following exhibit as it was partially alleviated: PIR-01M

Additionally, we identified a potential vulnerability in the new way the Hedera compatible NFT is initialized by the NonfungiblePositionManager.

Specifically, the newly introduced NonfungiblePositionManager::createNonFungible function does not apply any access control permitting on-chain race conditions to occur whereby the token's creation and thus renewal period and rent payer are specified by another party.

We advise access control to be applied at the function via a value configured during the NonfungiblePositionManager::constructor.

Post-Audit Conclusion (92f8d9f89f)

The SaucerSwap team proceeded to introduce annotations for the PIR-01M finding instructing users to use the Multicall contract when interacting with the PoolInitializer::createAndInitializePoolIfNecessary function to ensure that any additional native funds sent alongside the call are refunded.

We would like to note that our recommendation to introduce access control to the newly introduced NonfungiblePositionManager::createNonFungible function has not been heeded and as such we do not consider all outputs of the report properly consumed by the SaucerSwap team.

Post-Audit Conclusion (ab9210c4a1)

The NonfungiblePositionManager::createNonFungible function properly applies adequate access control by retaining a deployer entry within the contract's NonfungiblePositionManager::constructor that is validated as the caller of the said function in the latest iteration of the codebase.

As such, initialization of the manager is adequately guarded against on-chain race conditions. We consider all outputs of the audit report properly consumed by the SaucerSwap team based on the latest remediation round.

Audit Synopsis

SeverityIdentifiedAlleviatedPartially AlleviatedAcknowledged
0000
5302
2200
2200
2200

During the audit, we filtered and validated a total of 1 findings utilizing static analysis tools as well as identified a total of 10 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.

Total Alleviations

The list below covers each segment of the audit in depth and links to the respective chapter of the report: