Powerloom L2
Summary
**Fix Review Update** The client fixed/mitigated all the high and medium severity issues. The fixes were collectively provided. in the commit `f0e7c3ac8fb2080b2a9e50f04c4dc15332e41049 `, which might have included changes that were not audit related. Only changes related to the issues were reviewed. **Initial Audit** Powerloom is a protocol deployed on Prost chain, that aims to provide a reliable and up-to-date market of data for third-party applications and users. The protocol allows users to mint nodes that have the ability to take snapshots for a given set of projects. Then, a centralized sequencer will submit these snapshots on-chain. Validators then start submitting attestations to the different batches. The incentive for nodes is to receive available rewards once they reach a defined threshold of submissions. Nodes are modeled as ERC1155 tokens and can be burned and the owners can claim back their original investment. The protocol relies on a sophisticated off-chain event-handling system, that is out of the scope of this audit, as well as its interactions with the contracts. The audit identified 2 main issues of high severity as well as multiple medium and low severity issues. The first issue is related to allowing for multiple votes per validator, and the second is an incorrect accounting for node rewards. it is recommended to fix the issues before deployment.
Issues (25)
Low | Medium | High | Critical | Total | |
|---|---|---|---|---|---|
Not fixed | 5 | - | - | - | 5 |
Fixed | 12 | 6 | 2 | - | 20 |
| Total | 17 | 6 | 2 | 0 | 25 |