Omniscia Teahouse Finance Audit
Manual Review
Manual Review
A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in Teahouse Finance's on-chain portfolio implementation.
As the project at hand implements a multi-asset on-chain portfolio that interacts with multiple DeFi components, intricate care was put into ensuring that the flow of funds within the system conforms to the specifications and restrictions laid forth within the protocol's specification and that all integrations have been securely performed to the extent they could be validated.
We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed multiple medium-severity vulnerabilities within the system which could have had moderate ramifications to its overall operation; we strongly advise the Teahouse Finance team to evaluate them and remediate them as necessary.
Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to a certain extent, however, we strongly recommend the custom Uniswap V3 like protocol integration to be revisited.
A total of 56 findings were identified over the course of the manual review of which 22 findings concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.
The finding table below enumerates all these security / behavioural findings:
| ID | Severity | Addressed | Title |
|---|---|---|---|
| AAT-01M |  |  | Inexistent Validation of Array Lengths |
| AOE-01M |  |  | Potential Misconception of Asset Invariance |
| AOE-02M | | | Inexistent Protection of Multiplication Overflow |
| AOE-03M | | | Inexistent Validation of Array Lengths |
| SRE-01M |  | | Potentially Dangerous Low-Level Call |
| SRE-02M |  | | Insecure Arbitrary Interactions |
| TVP-01M | | | External Security Requirements |
| TVP-02M | | | Inexistent Validation of Array Lengths |
| TVP-03M | | | Unsafe Casting Operation |
| TVV-01M | | | Non-Standard Gap Size Specification |
| TVV-02M | | | Discrepant Management of Fee Times |
| TVV-03M | | | Improper Fee Acquisition Methodology |
| TVV-04M | |  | Improper Order of Performance Fee Evaluation |
| TVV-05M | | | Insufficient Validation of Oracle Compatibility |
| TVV-06M | | | Improper Assumptions of Asset Maintenance |
| TVV-07M | | | Potential Hijack of High Water Mark Initialization |
| TVH-01M | | | Inexplicable Implementations of Uniswap V3 Interactions |
| TVH-02M | | | Deprecated Approval Operation |
| TVH-03M | | | Inexistent Prevention of Default Vault Value |
| TVH-04M | | | Insecure Uniswap V3 LP Provision |
| TVH-05M | | | Insecure Uniswap V3 LP Withdrawal |
| UVP-01M | | | Inexistent Sorting of Tokens |