Omniscia SoMee Audit

Token V Implementation Security Audit

We were tasked with auditing the codebase of SoMee and in particular their V2 implementation and migration code.

In contrast to the V1 implementation, the V2 implementation conforms to the ERC20 standard in full and is developed to the highest standard by inheriting code from the OpenZeppelin token standards, such as ERC20Burnable and more.

The token contains burning functionality, minting functionality and migration code that burns V1 tokens to mint V2 tokens to the caller.

We identified a severe issue in the overridden ERC20 functions that add pausability, as well as certain applicable optimizations that we strongly urge the SoMee team to integrate as soon as possible.

During the audit, we filtered and validated a total of 1 finding using static analysis tools and identified a total of 4 findings during the manual review of the codebase. We strongly recommend that any findings of minor severity or higher be dealt with promptly prior to the project's launch, as they introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report: