Trail of Bits was engaged by OmniSync Foundation to conduct a comprehensive security audit of the OmniSync protocol. The engagement covered the Solana-based smart contracts (written using the Anchor framework), the Proof of Computation (PoC) verification algorithm, and the node daemon's interaction with the settlement layer.
The audit was conducted between March 25 and April 15, 2025, by senior security engineers Ivan Petrov and Ryan Walsh. A total of 9 findings were identified: 0 Critical, 0 High, 3 Medium, 3 Low, and 3 Informational. All Medium and Low severity findings have been confirmed as remediated by the OmniSync engineering team.
| Component | Language | Files | Lines of Code |
|---|---|---|---|
| omnisync-core/programs/settlement | Rust (Anchor) | 12 | 2,847 |
| omnisync-core/programs/staking | Rust (Anchor) | 8 | 1,203 |
| omnisync-core/programs/registry | Rust (Anchor) | 6 | 891 |
| omnisync-poc/src | Rust | 15 | 3,412 |
| omnisync-daemon/src | Go | 22 | 4,108 |
| ID | Severity | Title | Status |
|---|---|---|---|
| TOB-001 | Medium | Validator reward distribution rounding error | ✓ Fixed |
| TOB-002 | Medium | Node registration allows duplicate wallet binding | ✓ Fixed |
| TOB-003 | Medium | Escrow timeout edge case allows double-claim | ✓ Fixed |
| TOB-004 | Low | Burn calculation uses integer division (precision loss) | ✓ Fixed |
| TOB-005 | Low | Missing event emission on stake withdrawal | ✓ Fixed |
| TOB-006 | Low | Unchecked arithmetic in fee calculation path | ✓ Fixed |
| TOB-007 | Info | Missing NatSpec comments on public functions | ✓ Acknowledged |
| TOB-008 | Info | Hardcoded timeout constants should be configurable | ✓ Acknowledged |
| TOB-009 | Info | Daemon connection retry logic lacks exponential backoff | ✓ Fixed |
The validator reward distribution function in settlement/src/rewards.rs uses integer division when calculating per-validator shares. Over many distribution cycles, this results in dust accumulation in the reward pool that is never distributed, effectively locking small amounts of $OMNI in the contract permanently.
Fixed in commit b7d2f9a. Trail of Bits verified that the fix is complete and correct.
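As an added illustration of the rounding class behind TOB-001 (not code from the OmniSync repository or from the audited commit), the following Rust computes floor-division shares, measures the dust each cycle strands in the pool, and contrasts a largest-remainder allocation that pays the whole pool out; validator names and stake weights are constructed sample input.

```rust
// Added illustration, not OmniSync's code: floor division leaves per-cycle dust in
// a reward pool, and a largest-remainder pass pays it out instead of locking it.
// Validator names and stake weights used with these functions are constructed.
use std::collections::BTreeMap;

pub type Stakes = BTreeMap<&'static str, u64>;
pub type Shares = BTreeMap<&'static str, u64>;

/// Naive distribution: floor(pool * stake / total) per validator, computed in
/// u128 so the product cannot overflow. Returns shares and the undistributed dust.
pub fn distribute_naive(pool: u64, stakes: &Stakes) -> (Shares, u64) {
    let total: u64 = stakes.values().sum();
    if total == 0 {
        return (Shares::new(), pool); // no stakers: nothing can be paid out
    }
    let shares: Shares = stakes
        .iter()
        .map(|(v, s)| (*v, (pool as u128 * *s as u128 / total as u128) as u64))
        .collect();
    let paid: u64 = shares.values().sum();
    (shares, pool - paid)
}

/// Remainder-aware distribution: same floor shares, then one extra unit each to
/// the validators with the largest fractional part (ties broken by name). Dust is
/// always less than the validator count, so the whole pool is paid every cycle.
pub fn distribute_exact(pool: u64, stakes: &Stakes) -> (Shares, u64) {
    let total: u64 = stakes.values().sum();
    let (mut shares, mut leftover) = distribute_naive(pool, stakes);
    if total == 0 {
        return (shares, leftover);
    }
    // (pool * stake) mod total is the scaled fractional part that floor discarded
    let mut by_frac: Vec<(&'static str, u128)> = stakes
        .iter()
        .map(|(v, s)| (*v, (pool as u128 * *s as u128) % total as u128))
        .collect();
    by_frac.sort_by(|a, b| b.1.cmp(&a.1).then(a.0.cmp(&b.0)));
    for (v, _) in by_frac {
        if leftover == 0 { break; }
        *shares.get_mut(v).unwrap() += 1;
        leftover -= 1;
    }
    (shares, leftover)
}

/// Total dust the naive path would strand after `cycles` distributions.
pub fn dust_over_cycles(pool_per_cycle: u64, stakes: &Stakes, cycles: u32) -> u64 {
    (0..cycles).map(|_| distribute_naive(pool_per_cycle, stakes).1).sum()
}
```

With four validators weighted 7:5:3:2 and a 1,000-unit pool, the naive path pays 998 and strands 2 units per cycle, so the locked amount grows linearly with the number of cycles.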
The node registry program did not enforce uniqueness of wallet-to-node-ID mappings. An attacker could register the same wallet address to multiple node IDs, potentially inflating their stake weight in the validator selection algorithm without locking additional $OMNI as collateral.
A PDA (Program Derived Address) uniqueness constraint was added to the register_node instruction. The node account's address is now derived from the wallet pubkey, so a second registration for the same wallet would target an account that already exists and the instruction fails, making duplicate registration impossible at the protocol level.
In a race condition between job completion confirmation and escrow timeout expiry, it was theoretically possible for a compute provider to receive payment through job completion while simultaneously triggering the consumer's timeout refund. The window was extremely narrow (under 400ms) but exploitable under adversarial network conditions.
A mutex flag (escrow_settled: bool) was added to the escrow account. Both the completion and timeout paths now check and set this flag atomically, making double-claim impossible.
Trail of Bits performed the following analysis activities during this engagement:
OmniSync's codebase is well-structured and demonstrates security-conscious development practices. The Anchor framework is used correctly, account ownership checks are consistently applied, and the Proof of Computation algorithm shows novel and thoughtful design.
All identified findings have been remediated. Trail of Bits considers the OmniSync protocol suitable for mainnet deployment subject to ongoing monitoring and the scheduled pre-launch re-audit by Halborn Security.