Project Information
CATEGORY
Smart Contracts
NETWORK
Ethereum
WEBSITE
https://parallel.fi/
DESCRIPTION
From May 3 to June 3, Parallel engaged Veridise to review the security of their OMNI Money Market Protocol. The review covered tokenization (focusing on the new NToken and MintableIncentivizedERC721), core protocol logic (such as borrowing/supplying mechanisms, liquidation logic, and pool/reserve behavior), as well as helpers and configuration files. Veridise conducted this assessment over 3 person-months, with three engineers working on code.
The auditing strategy involved tool-assisted analysis of the source code performed by Veridise engineers. The tools that were used in the audit included a combination of static analysis, bounded model checking, and formal verification. Some of these tools were developed specifically for the purpose of performing a thorough audit of the OMNI-MM contracts.
Audit Report
SCOPE
To understand the scope of the audit, we first reviewed the AAVE documentation and focused our efforts on understanding the difference between the AAVE protocol and the extensions proposed in Omni-MM. In this phase, our main goal was to understand how the protocol is intended to behave in the presence of ERC721. As much of the code is copied directly from the AAVE protocol (which has been audited multiple times) we focused our efforts on the portions of the code added by the Parallel developers.
In terms of the scope of the audit, the key components we considered include the following:
- Supply/Withdraw Mechanisms
- Pool/Reserve Logic
- Liquidation Logic
- FlashClaim Logic
- Validation Logic
- User Configuration
- Reserve Configuration
- Tokenization (NToken, MinitableIncentivizedERC721)