Auric Network

Summary

The platform of Auric Network consists of an ERC20 token with governing and rebasing functionality (in a great extent cloned from the Compound and Yam project---both previously audited), and the token distribution platform via staking pools by SNX. The token distribution platform contains code additions to support the rebasing token. The code of the token is simplified by removing some functionality.   The security of some parts of the smart contracts rely on on-chain configuration. Quantstamp was notified that the token and the distribution platform, less rebasing, timelock, and the governor, are already deployed on mainnet, and thus is able to verify the present configuration. Quantstamp currently deems the distribution mechanism safe, with the exception of the listed findings. The notoriously known SIP-77 issue is fixed in the code. The auditing team was able to confirm that the deployer of the contracts does not have the ability to remove the funds from staking pool. As outlined, a configuration error could lead to disabling the reward claiming (and consequently withdrawing functionality), which is currently not the case, and the Auric Network team confirmed that no re-configuration is intended in the future. The Quantstamp team also confirmed that the token respects the ERC20 interface and does not contain overflow errors. A misconfiguration of the rebasing functionality can lead to the denial of service on the token contract, however, the configuration can be controlled by the governance which can correct such actions. The codebase contains some privileged features that are intended to be controlled by the governance.   The codebase overall appears free of defects, with the exception of the findings outlined in the report. Quantstamp did not discover an option of the contract deployer being able to execute a so-called "rug pull" or otherwise access the staked funds when the platform is deployed and correctly configured on chain.

Project