Omniscia Steer Protocol Audit

PancakeSwap Infinity Hook Security Audit

Audit Report Revisions

Commit HashDateAudit Report Hash
39053b8f8fJuly 23rd 2025dbe197c541
5dd8944ae7August 10th 2025b03d4278f4
9711893da5August 15th 202573cd237c6c
04cd0485d1September 3rd 20256e28368904

Audit Overview

We were tasked with performing an audit of the Steer Protocol codebase and in particular their PancakeSwap Infinity Hook module.

The system implements a dynamic fee evaluation mechanism as a before-swap hook that is based on the perceived volatility of a trading pair based on a Sigmoid formula.

Over the course of the audit, we identified a significant flaw in the initialization of the system as well as issues with the Sigmoid function inputs as well as arithmetic bounds.

We advise the Steer Protocol team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.

Post-Audit Conclusion

The Steer Protocol team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.

We evaluated all alleviations performed by Steer Protocol and have identified that the requested clarifications around DFH-01M have not been supplied.

Post-Audit Conclusion (9711893da5)

The Steer Protocol team introduced documentation around the scaled volatility system that justifies its current implementation.

We consider all outputs of the audit report properly consumed by the Steer Protocol team with no outstanding remediative actions remaining.

Post-Audit Conclusion (04cd0485d1)

The Steer Protocol team opted to revisit this audit report and address a previously-acknowledged exhibit; DFH-03S.

We evaluated the alleviation of DFH-03S and consider it adequate provided that they intend the DynamicFeeHook contract to solely receive native funds from the vault it is attached to.

The original security guarantees of the audit report remain upheld, and we continue to consider all outputs of the audit report properly consumed by the Steer Protocol team.

Audit Synopsis

SeverityIdentifiedAlleviatedPartially AlleviatedAcknowledged
0000
9603
2200
3300
1100

During the audit, we filtered and validated a total of 4 findings utilizing static analysis tools as well as identified a total of 11 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.

Total Alleviations

The list below covers each segment of the audit in depth and links to the respective chapter of the report: