Omniscia vfat Audit
Manual Review
Manual Review
A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in vfat's Sickle ecosystem.
As the project at hand implements a multi-protocol integrating vault-like system, intricate care was put into ensuring that the flow of funds & assets within the system conforms to the specifications and restrictions laid forth within the protocol's as well as any integrated system's specification.
We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed multiple significant vulnerabilities within the system which could have had moderate-to-severe ramifications to its overall operation with some conveyed ahead of time to the vfat team to be promptly remediated. For more information, kindly consult the audit's summary.
Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to a certain extent, however, we strongly recommend it to be expanded at certain complex points that have been outlined via dedicated exhibits within the audit report.
A total of 64 findings were identified over the course of the manual review of which 34 findings concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.
The finding table below enumerates all these security / behavioural findings:
| ID | Severity | Addressed | Title |
|---|---|---|---|
| AGR-01M |  |  | Potentially Weak Gauge Validation |
| ANO-01M |  | | Unconventional Self-Authorization |
| ANO-02M | |  | Incompatible Implementation Types |
| CMC-01M | | | Non-Standard Order of Compound Operations |
| CRY-01M |  | | Potential Failure of Graceful Function |
| EGC-01M |  |  | Incorrect Equalizer Gauge Integration |
| ERC-01M | | | Inexistent Approval of LP Units |
| FSY-01M |  | | Inexistent Guarantee of Fee Capture |
| FSY-02M | | | Swap-Based Fee Bypassing |
| FLI-01M | | | Inexistent Validation of Flash-Loan Validity |
| FSG-01M | | | Argument-Based Decoding Dependency |
| FSG-02M | | | Non-Standard Fee Evaluation Mechanism |
| FSG-03M | | | Improper Premium Rounding Operations |
| FSG-04M | | | Potentially Incorrect Flash-Loan Amounts |
| LMR-01M | | | Inexistent Validation of Flash-Loan Validity |
| LMR-02M | | | Potential Strategy Incompatibility |
| MCR-01M | | | Potential Token Incompatibility |
| MFS-01M | | | Inexistent Guarantee of Fee Capture |
| MLL-01M | | | Non-Standard Initialization Disable Mechanism |
| NFS-01M | | | Inexistent Guarantee of Fee Capture |
| NSR-01M | | | Improper Validation of Slippage Values |
| NDM-01M | | | Non-Standard Initialization Disable Mechanism |
| NRC-01M | | | Inexistent Approval of LP Units |
| PSR-01M | | | Improper Validation of Slippage Value |
| RRC-01M | | | Inexistent Approval of LP Units |
| SEL-01M | | | Improper Initialization Disable Methodology |
| SFY-01M | | | On-Chain Race Condition of Sickle Deployment Approved Address |
| SMG-01M | | | Inexistent Transaction Expiry / Sequence |
| SLB-01M | | | Potential Token Incompatibility |
| TLB-01M | | | Invalid Message Value Validation Notion |
| UVR-01M | | | Improper Implementation of Empty Functions |
| UVR-02M | | | Incorrect Approval Target |
| VGR-01M | | | Potentially Weak Gauge Validation |
| VRC-01M | | | Inexistent Approval of LP Units |