Security is a top priority for Native. Native was built and designed following all of the industryβs best practices. Nativeβs contracts have been verified on Etherscan and BscScan.
Audit Overview
Native contracted Omniscia to audit its Native V1 smart contract. Omniscia's audit report was issued on February 26, 2023.
During the audit, Omniscia, filtered and validated a total of 12 findings utilizing static analysis tools as well as identified a total of 59 findings during the manual review of the codebase.
Based on the findings, the Native team alleviated and/or nullified all the issues raised by the Omniscia team.
Audit Synopsis
Issues Highlights:
[Major] FMH-01M: Unsafe Migration of Pragma Version (βAlleviated)
Description:
The FullMath library present in the codebase does not conform to the audited Uniswap V3 implementation as it has been upgraded to a 0.8.Xpragma version unsafely.
Solution:
All function code of the FullMath implementation has been wrapped in unchecked code blocks, ensuring that they are performed identically to the original Uniswap V3 implementation.
[Major] PFY-03M: Inexistent Exposure of Pause Functionality (βAlleviated)
Description:
The contract is meant to make use of the Pausable dependency to protect the addPoolCreator, and removePoolCreator functions, the modifiers are ineffectual as the contract can never be paused.
Solution:
The Pausable methods are now exposed using homonym functions (pause & unpause) protected with the onlyOwner modifier
The current exactOutput mechanism is unsafe and inoperable in production due to the significant gas cost as well as stack space it utilizes, causing it to frequently run out of memory (OOM), out of gas (OOG), and / or out of stack space (OOS). Additionally, if a pool is entered twice as part of a multi-order swap the transaction will fail as each pool has a nonReentrant protection mechanism in its swap function.
Solution:
The exactOutputSingle and exactOutput functions have been commented out of the codebase rendering this exhibit no longer applicable.
The referenced statements perform an unsafe casting operation from a uint256 data type to an int256 data type. As the casting overflow will benefit the user due to its presence in the executeSwapToTreasury function, a carefully crafted order payload can be exploited to extract a set of funds from the treasury whilst transmitting close to none.
Solution:
The limitations on the input variables have been properly applied.
[Medium] RRE-03M: Inexistent Protection Against Multi-Order Invocation (βAlleviated)
Description:
The exactOutputSingle will misbehave if it is invoked with a params.orders argument that contains more than one orders. If a user invokes the wrong function, they will end up evaluating an incorrect slippage value for the amountInMaximum comparison thus causing them to incur slippage they cannot protect against.
Solution:
The exactOutputSingle function has been commented out of the codebase as highlighted in RRE-04M: Inoperable Output Swap Mechanism; this exhibit is nullified.
