Omniscia Steer Protocol Audit
PancakeSwap Infinity Hook Security Audit
Audit Report Revisions
| Commit Hash | Date | Audit Report Hash |
|---|---|---|
| 39053b8f8f | July 23rd 2025 | dbe197c541 |
| 5dd8944ae7 | August 10th 2025 | b03d4278f4 |
| 9711893da5 | August 15th 2025 | 73cd237c6c |
| 04cd0485d1 | September 3rd 2025 | 6e28368904 |
Audit Overview
We were tasked with performing an audit of the Steer Protocol codebase and in particular their PancakeSwap Infinity Hook module.
The system implements a dynamic fee evaluation mechanism as a before-swap hook that is based on the perceived volatility of a trading pair based on a Sigmoid formula.
Over the course of the audit, we identified a significant flaw in the initialization of the system as well as issues with the Sigmoid function inputs as well as arithmetic bounds.
We advise the Steer Protocol team to closely evaluate all minor-and-above findings identified in the report and promptly remediate them as well as consider all optimizational exhibits identified in the report.
Post-Audit Conclusion
The Steer Protocol team iterated through all findings within the report and provided us with a revised commit hash to evaluate all exhibits on.
We evaluated all alleviations performed by Steer Protocol and have identified that the requested clarifications around DFH-01M have not been supplied.
Post-Audit Conclusion (9711893da5)
The Steer Protocol team introduced documentation around the scaled volatility system that justifies its current implementation.
We consider all outputs of the audit report properly consumed by the Steer Protocol team with no outstanding remediative actions remaining.
Post-Audit Conclusion (04cd0485d1)
The Steer Protocol team opted to revisit this audit report and address a previously-acknowledged exhibit; DFH-03S.
We evaluated the alleviation of DFH-03S and consider it adequate provided that they intend the DynamicFeeHook contract to solely receive native funds from the vault it is attached to.
The original security guarantees of the audit report remain upheld, and we continue to consider all outputs of the audit report properly consumed by the Steer Protocol team.
Audit Synopsis
| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
|---|---|---|---|---|
![]() | 0 | 0 | 0 | 0 |
![]() | 9 | 6 | 0 | 3 |
![]() | 2 | 2 | 0 | 0 |
![]() | 3 | 3 | 0 | 0 |
![]() | 1 | 1 | 0 | 0 |
During the audit, we filtered and validated a total of 4 findings utilizing static analysis tools as well as identified a total of 11 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they can introduce potential misbehaviours of the system as well as exploits.
Total Alleviations
The list below covers each segment of the audit in depth and links to the respective chapter of the report:




