Omniscia WagmiDAO Audit

FAM GMI Token Ecosystem Security Audit

We were tasked with auditing the WagmiDAO codebase and in particular their two token implementations as well as their surrounding infrastructure involving a staking system, a bond program and a buyback mechanism interfacing with the USDC stablecoin.

Over the course of the audit, we identified certain improper sanitizations of configuration arguments that can cause the contract to misbehave, as well as potential fringe cases for which the system does not appear to have properly accounted.

Additionally, we identified several optimizations that we advise WagmiDAO to consider and apply to ensure the codebase achieves optimal gas consumption.

Each contract file had multiple top-level declarations, some of which were direct copies of OpenZeppelin's contracts; as such, we advise installing and using that dependency to aid the readability of the codebase.

On a final note, we observed that the system is of a relatively dynamic nature, evaluating balances as well as adjustable fees on most entrypoints, a trait that can cause inconsistent behaviour between a transaction's submission and its execution on the blockchain network. For this purpose, we advise that slippage checks be evaluated and introduced where deemed applicable.
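The slippage check recommended above, as an added illustration rather than code from the WagmiDAO codebase: a hypothetical entrypoint whose payout depends on an owner-adjustable fee, shown without and with a caller-supplied minimum. The contract, function and variable names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Hypothetical illustration (not WagmiDAO code): an entrypoint whose payout
/// depends on an owner-adjustable fee, with the slippage check the audit advises.
contract FeeAdjustableEntrypoint {
    address public owner;
    uint256 public feeBps;               // adjustable fee in basis points
    uint256 public constant BPS = 10_000;
    mapping(address => uint256) public balanceOf;

    constructor(uint256 initialFeeBps) {
        owner = msg.sender;
        feeBps = initialFeeBps;
    }

    // The fee can change between a user's submission and its execution.
    function setFeeBps(uint256 newFeeBps) external {
        require(msg.sender == owner, "not owner");
        require(newFeeBps <= BPS, "fee > 100%");
        feeBps = newFeeBps;
    }

    // Quote: what the caller receives for `amountIn` at the fee in effect now.
    function quote(uint256 amountIn) public view returns (uint256) {
        return amountIn - (amountIn * feeBps) / BPS;
    }

    // Without a bound, the caller has no say over which fee applies when the
    // transaction is actually mined; a fee raised in between silently reduces the payout.
    function depositUnchecked(uint256 amountIn) external {
        balanceOf[msg.sender] += quote(amountIn);
    }

    // Hardened form: the caller states the minimum acceptable payout and a
    // deadline, and the call reverts if either is violated at execution time.
    function deposit(uint256 amountIn, uint256 minOut, uint256 deadline) external {
        require(block.timestamp <= deadline, "expired");
        uint256 out = quote(amountIn);
        require(out >= minOut, "slippage: payout below minimum");
        balanceOf[msg.sender] += out;
    }
}
```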

During the audit, we filtered and validated a total of 1 finding utilizing static analysis tools, and identified a total of 30 findings during the manual review of the codebase. We strongly recommend that any minor-severity or higher findings are dealt with promptly prior to the project's launch, as they introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report: