Omniscia Seen Haus Audit
NFT Auction Sale System Security Audit
Audit Overview
We were tasked with auditing the codebase of Seen Haus and, in particular, their novel NFT sale and auction system, which also supports the sale of escrowed physical NFTs via a unique ticketing mechanism.
Over the course of the audit we identified multiple complex vulnerabilities that arise from a combination of re-entrancy attacks and system conditions that can lead to loss of user funds.
Additionally, we have noted a wide array of gas and code style optimizations that can be applied to the codebase, which we advise the Seen Haus team to consider.
On an additional note, the Diamond system implementation that we observed in the codebase appears to be outdated. We strongly advise the Seen Haus team to update to the latest version, which will be covered under the scope of the audit.
Post-Audit Conclusion
The Seen Haus team has remediated all findings identified in the report and has provided responses to certain ones that were, after consideration, deemed either null or inapplicable. The final state of the codebase is of exemplary quality, conforming to the CEI pattern, containing extensive documentation, and ultimately fulfilling the project's purpose in a secure manner.
Contracts Assessed
Audit Synopsis
Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
---|---|---|---|---|
Major | 3 | 3 | 0 | 0 |
Medium | 2 | 2 | 0 | 0 |
Minor | 8 | 8 | 0 | 0 |
Informational | 12 | 11 | 0 | 1 |
During the audit, we filtered and validated a total of 1 finding utilizing static analysis tools and identified a total of 24 findings during the manual review of the codebase. We strongly recommend that any findings of minor severity or higher be dealt with promptly prior to the project's launch, as they introduce potential misbehaviours of the system as well as exploits.
The list below covers each segment of the audit in depth and links to the respective chapter of the report: