Canonic Smart Contract Audit

A privileged attack vector requiring a compromised OracleAdapter owner (e.g., leaked private key, phishing, insider threat). The owner could immediately replace legitimate price feeds with a malicious contract via setFeedAdvanced() —with no timelock delay and no validation that the new feed returns reasonable prices. A compromised key could reprice the entire MAOB order book and drain 100% of protocol TVL in as few as two transactions.

Resolution: Implemented a timelock controller wrapping OpenZeppelin's TimelockController requiring a delay for all admin actions. A pauseGuardian role can pause instantly for emergencies, but only the timelock can unpause—preventing guardian abuse.

A creative asymmetric griefing vector. If minQuoteMaker is configured too low, an attacker can spam tiny dust orders across all 64 rungs with a single transaction. Every subsequent taker must iterate through each dusty rung, performing expensive Fenwick tree updates (~50–100k gas each)—causing 10–20x gas amplification on every legitimate trade. The attacker spends $1,000 in gas but causes $10,000+ in aggregate damage to protocol users.

Resolution: Added a new minQuotePerRung parameter to all taker functions. Rungs with liquidity below this threshold are automatically skipped, removing the gas amplification burden from takers and making dust attacks economically ineffective.

A subtle order-of-operations flaw in the CLP vault's withdrawal fee mechanism. Fee shares are burned before calculating the payout, but the payout uses the post-burn supply as its denominator—allowing withdrawing users to recapture a portion of their own burned fee. The effective fee follows Nominal Fee x (1 - userShareOfPool), meaning a whale owning 99% of a vault pays an effective fee of just 0.1% instead of the configured 10%.

Resolution: Introduced a netShares variable to track shares after fee deduction. Payout is now calculated using the original supply as the denominator, ensuring the effective fee rate matches the configured withdrawalFeeBps regardless of pool share.

The MAOB contract had independent pause controls for makers and takers, enabling problematic asymmetric states with no time bounds or reason codes. The most dangerous combination—“takers paused, makers active”—allows the order book to be reshaped without market clearing, creating conditions where insiders could seed favorable orders before execution resumes. It also breaks standard market maker patterns where atomic cancel-and-replace transactions would partially fail, leaving stale orders executable by takers.

Resolution: Replaced the two boolean flags with a constrained MarketState enum: Active, Halted (both paused), and UnwindOnly (makers paused, takers active with 1-hour auto-expiry). The dangerous “takers paused, makers active” combination is explicitly excluded. Reason codes are required for all state transitions.