Omniscia Symbiosis Finance Audit

Meta Router Bridge Security Audit

Audit Overview

We were tasked with auditing the codebase of Symbiosis Finance and in particular the bridge and router modules meant to support their cross-chain synthetic asset system.

Over the course of the audit, we identified a severe front-running vulnerability in the way reversions of relayed transactions occur that allows a user to arbitrarily cancel the transaction of another user.

Additionally, we were able to pinpoint several optimizations that can be applied across the codebase that we advise the Symbiosis Finance team to consider and apply along with remediations to all vulnerabilities identified within the report.

Post-Audit Conclusion

The Symbiosis Finance team remediated all the medium-severity and higher exhibits within the report adequately and alleviated a portion of the minor-to-informational severity findings according to their discretion.

The codebase can be considered of a high quality and adequately documented to be integrated by external projects.

The latest update to the codebase introduced graceful error handling that should not be considered as part of the audit scope.

Contracts Assessed

| Files in Scope | Repository | Commit(s) |
| --- | --- | --- |
| BridgeV2.sol (BV2) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| MetaRouterV2.sol (MRV) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| MetaRouteStructs.sol (MRS) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| Portal.sol (POR) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| RelayRecipientUpgradeable.sol (RRU) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| SyntERC20.sol (SER) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| Synthesis.sol (SYN) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| SyntFabric.sol (SFC) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| Timelock.sol (TIM) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |
| Wrapper.sol (WRA) | contracts-audit-with-tests | 707f038827, 796b5eef15, dd00ff3939, 50dda9f9d2 |

Audit Synopsis

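| Severity | Identified | Alleviated | Partially Alleviated | Acknowledged |
| --- | --- | --- | --- | --- |
| Major | 2 | 2 | 0 | 0 |
| Medium | 2 | 2 | 0 | 0 |
| Minor | 13 | 7 | 0 | 0 |
| Informational | 14 | 8 | 0 | 0 |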

During the audit, we filtered and validated a total of 3 findings using static analysis tools and identified a total of 28 findings during the manual review of the codebase. We strongly recommend that any findings of minor severity or higher are dealt with promptly prior to the project's launch, as they introduce potential misbehaviours of the system as well as exploits.

Total Issues (pie chart): Major 2, Medium 2, Minor 13, Informational 14.

The list below covers each segment of the audit in depth and links to the respective chapter of the report: