Executive Summary

From Aug 24, 2024, to Aug 26, 2024, the Oracly team engaged Fuzzland to conduct a thorough security audit of their Oracly project. The primary objective was to identify and mitigate potential security vulnerabilities, risks, and coding issues to enhance the project's robustness and reliability. Fuzzland conducted this assessment over 4 person-days, involving 2 engineers who reviewed the code over a span of 2 days. Employing a multifaceted approach that included static analysis, fuzz testing, formal verification, and manual code review, the Fuzzland team identified 1 issues across different severity levels and categories.

Scope

Project Name Oracly
Repository Link https://github.com/PhoboSys/pm-contracts
Commit c4fd6df312a51072d6bc82ceec92fcbed3cac7d2
Fix Commit bf0858eb17c082606f96e5eb21793ad57ea10484
Language Solidity - Polygon

Methodology

Engagement Summary

The engagement involved a team of skilled consultants/engineers who were responsible for various phases of the audit process, including onboarding, initial audits, additional audits, and quality assurance. Below is a summary of the engagements with specific dates and details.

Dates Consultants / Engineers Engaged Details
8/20/2024 Chaofan Shou, Eda Zhang Onboarding
8/24/2024 - 8/26/2024 Taotao Zhou, Chaofan Shou Initial Audit
9/1/2024 - 9/2/2024 Taotao Zhou Fix Audit #1

Vulnerability Severity

We divide severity into four distinct levels: high, medium, low, and info. This classification helps prioritize the issues identified during the audit based on their potential impact and urgency.