Security Audit Report

WalletGuard.ai, powered by Gestalt Labs

April 17, 2026

ID: c787341c

0x6136...7d44EVMBench: 2024-03-abracadabra-moneyv1View audit historyEthereumLive TargetHigh Risk

Verified on BaseVerify externally Prompt 0xd29afd...

Apr 17, 2026, 05:48

Standard AuditModel: Claude Sonnet 4.6

What you got

Tier: Standard ($29)
Model: Sonnet
Specialists completed: 8 of 8

Risk Level: High Risk

Efficiency

0C4H15M11L

30 security | 2 code quality | 2 gas

4 High: MagicLpAggregator.sol (2), BlastOnboarding.sol (1), BlastOnboardingBoot.sol (1)

In-Scope Security Score Guide

8.0 - 10.0Low Risk. No critical issues. Safe for interaction.

5.0 - 7.9Moderate Risk. Some issues found. Review before interacting.

1.0 - 4.9High/Critical Risk. Significant vulnerabilities detected.

Score is based on 34 findings from 9 specialist agents.

Exploit Analysis

Findings selected for deep verification. Where possible we generated a Solidity proof-of-concept and executed it against a forked mainnet.

Architectural

Architectural Risk

low

CauldronV4.liquidate() double-computes allBorrowShare after fee distribution

File: src/cauldrons/CauldronV4.solFunction: liquidateLines: 447-465

Why no PoC

Pattern, not single-tx exploit

Exploitability

6.8 / 10

Architectural Risk

low

MagicLpAggregator does not implement latestRoundData() with meaningful data per Chainlink standard

File: src/oracles/aggregators/MagicLpAggregator.solFunction: latestRoundDataLines: 61-63

Why no PoC

Pattern, not single-tx exploit

Exploitability

6.5 / 10

Executive Summary

The analyzed contract cluster comprises a Blast L2 DeFi vault and onboarding system, including an AMM (MagicLP), a Chainlink-compatible LP oracle (MagicLpAggregator), a lending cauldron (CauldronV4), a staking and rewards contract (LockingMultiRewards), and supporting governance and routing infrastructure. The analysis identified 2 high, 10 medium, 8 low, and 4 informational findings, after deduplication and scope gating. The single most dangerous pattern is the broken MagicLpAggregator oracle, which always returns zero due to a missing return statement, rendering the entire lending protocol's collateral pricing non-functional and potentially enabling mass illegitimate liquidations or under-collateralized borrowing. Overall, this contract suite should not be deployed or used with real funds in its current state; the oracle failure and decimal mismatch in share distribution represent critical design defects that require immediate remediation.

Critical Highlights

highMagicLpAggregator._getReserves() returns nothing - broken function

The oracle that prices LP tokens used as collateral in the lending protocol is completely broken. Due to a missing return statement in a core function, the oracle always reports a price of zero. Any lending market relying on this oracle would see all collateral as worthless, either blocking all borrowing or triggering mass illegitimate liquidations of every user position.

highBlastOnboardingBoot._claimable() divides combined MIM+USDB locked balances without accounting for decimal differences

When users claim their share of the bootstrapped liquidity pool, the contract adds raw MIM amounts (18 decimal places) to raw USDB amounts (6 decimal places) as if they were equal units. Because MIM amounts are one trillion times larger in raw form, MIM depositors receive nearly all pool shares while USDB depositors of equivalent dollar value receive almost nothing. This is a fundamental fairness failure in reward distribution.

mediumFeeCollectable.setFeeParameters checks OLD feeBips instead of NEW feeBips

The validation that is supposed to prevent fees from being set above 100% checks the current fee value instead of the new one being submitted. This means a fee operator can set fees to any value, including above 100%, which would cause the fee calculation to attempt to take more than the full amount from users, breaking swaps and fund transfers across any contract that inherits this fee logic.

30 Security Findings | 2 Code Quality | 2 Gas Optimizations

high(4)

medium(15)

low(11)

Code Quality Observations(2)

Gas Optimizations(2)

Decentralization

2 centralization points identified

BlastOnboardingBoot bootstrap() Uses safeApprove with max uint256 on Tokens

The unlimited approval to the router is a design property users should know about. Actual exploitation requires the router to be compromised or maliciously reconfigured, which depends on privileged role behavior.

bootstrap()

BlastOnboarding proxies arbitrary calls to bootstrapper without access control on the proxy fallback

The risk of arbitrary delegatecall to a malicious bootstrapper depends entirely on the owner setting a malicious address. This is a property of the admin role that users should know about.

setBootstrapper()

Attack Chain Analysis

Broken Oracle Enables Lending Protocol Collapsehigh

MagicLpAggregator._getReserves() always returns (0, 0) due to a missing return statement, causing latestAnswer() to always return 0. CauldronV4 uses this oracle to price LP collateral. With a zero price, all collateral is valued at zero, which depending on the liquidation formula direction either makes every position immediately liquidatable (mass illegitimate liquidation of all users) or prevents any borrowing. Combined with the absence of staleness validation in latestAnswer() (no latestRoundData check), there is no fallback or detection mechanism. The net effect is a complete failure of the lending market's collateral pricing layer.

MagicLpAggregator._getReserves() returns nothing - broken functionMagicLpAggregator.latestAnswer() calls latestAnswer() on sub-oracles without staleness validation

Bootstrap Decimal Mismatch Enables MIM Depositor Share Capturehigh

BlastOnboardingBoot._claimable() sums raw MIM (1e18) and USDB (1e6) amounts without normalization, giving MIM depositors a share proportional to 1e12 times their economic weight relative to USDB depositors. An attacker who deposits a large MIM amount during the Opened state can claim the vast majority of pool shares during claim(), effectively stealing USDB depositors' proportional allocation. The withdraw() function lacking a Closed-state restriction (Finding: BlastOnboarding.withdraw() can be called in State.Closed) means other participants may also drain unlocked balances before bootstrap, further reducing the denominator and amplifying share capture.

BlastOnboardingBoot._claimable() divides combined MIM+USDB locked balances without accounting for decimal differencesBlastOnboarding.withdraw() can be called in State.Closed allowing withdrawal after bootstrapping

Fee Bypass via Misconfigured FeeCollectable Validationmedium

FeeCollectable.setFeeParameters() validates the old feeBips value instead of the new _feeBips value. A fee operator can set feeBips to a value exceeding BIPS (10,000). When calculateFees() is subsequently called, feeAmount will exceed amountIn, causing an underflow revert and bricking any contract function that calls calculateFees(). If the inheriting contract (such as MagicLP for swap fees) is affected, all swaps in the pool would be permanently broken until the fee is reset, constituting a denial-of-service on the AMM.

FeeCollectable.setFeeParameters checks OLD feeBips instead of NEW feeBipsFeeCollectable.setFeeParameters() validates old feeBips instead of new _feeBips

Agent Coverage

Agent	Status	Findings	Severity	Confidence	Duration	Coverage
reentrancy	success	5	1M1L	65%	59.1s	Cross-function reentrancy in BlastOnboarding deposit/withdraw/lock, ERC-777 callback reentrancy via safeTransferFrom in BlastOnboarding, ERC-4626 vault patterns in DegenBox deposit/withdraw, Flash loan callbacks in DegenBox and MagicLP, ERC-1155 callback patterns, MagicLP sellShares/buyShares callback via ICallee, MagicLP flashLoan with FlashLoanCall callback, CauldronV4 liquidate function ordering and reentrancy, CauldronV4 cook() external call action (ACTION_CALL), BlastOnboardingBoot claim() and _claimable() logic, MagicLpAggregator oracle return value correctness, LockingMultiRewards stake/lock/withdraw/getRewards patterns, Read-only reentrancy via view functions (getReserves, totalSupply), CEI ordering across all contracts, ReentrancyGuard usage verification in MagicLP, State machine correctness in BlastOnboarding, Cross-contract reentrancy between BlastOnboardingBoot and LockingMultiRewards
access control	success	7	3M	80%	1.1m	Access control modifiers on all public/external functions, tx.origin usage for authorization in MagicLP, Signature verification in MasterContractManager (ecrecover, nonces, chain ID), Proxy pattern in BlastOnboarding with delegatecall to bootstrapper, Initializer protection in MagicLP, Ownership transfer patterns (single-step in Owned/BoringOwnable), Role self-granting in OperatableV2/V3, Destructive operations (no selfdestruct found), Flash loan safety in DegenBox and MagicLP, Fee parameter validation in FeeCollectable, Cap check ordering in BlastOnboarding.deposit, MagicLpAggregator return value correctness, BlastOnboardingBoot approval patterns, CauldronV4 blacklist bypass via cook ACTION_CALL, EIP-712 domain separator including chain ID
economic	success	10	1H1M	73%	1.9m	Flash loan attack vectors in MagicLP and DegenBox, Oracle manipulation in MagicLpAggregator (spot reserve pricing, Chainlink staleness), LP token pricing manipulation via reserve ratio, Chainlink latestAnswer() vs latestRoundData() validation, BlastOnboarding deposit/withdraw/lock state machine, BlastOnboardingBoot bootstrap and claim logic, CauldronV4 liquidation with oracle fallback, LockingMultiRewards staking/reward distribution logic, FeeCollectable parameter validation bug, MagicLpAggregator._getReserves() return value bug, BlastGovernor arbitrary execution, Governance attack vectors in staking contract, MEV exposure in liquidation and swap functions, First-depositor inflation attack in MagicLP buyShares, Integer overflow/underflow with Solidity 0.8.0+ checks, Access control on operator and owner functions, Reentrancy guards in MagicLP (nonReentrant), Flash loan guard in DegenBox, Sandwich attack exposure on Router swap functions, BlastOnboardingBoot safeApprove patterns, LockingMultiRewards reward token index ordering
logic validation	success	9	1H2M3L	78%	1.5m	Input validation on all public/external functions across all contracts, Arithmetic safety in CauldronV4 interest accrual and liquidation calculations, BlastOnboarding deposit/withdraw/lock state machine transitions, BlastOnboardingBoot share distribution logic (_claimable), MagicLP share price calculations in buyShares/sellShares, LockingMultiRewards reward distribution and lock management, Router decimal validation and path validation, MagicLpAggregator oracle price calculation, FeeCollectable fee parameter validation, EIP-712 domain separator in MasterContractManager, Reentrancy guards on MagicLP trade functions, BlastGovernor arbitrary call execution, Proxy bootstrapper address validation, unchecked blocks in _twapUpdate and loop increments, Array bounds in processExpiredLocks and cook actions
code quality	success	11		79%	2.0m	ERC-20 compliance for MagicLP and staking token, ERC-4626 vault patterns in DegenBox, Reentrancy in MagicLP (sellBase, sellQuote, flashLoan, buyShares, sellShares all have nonReentrant), Access control on all admin functions, Proxy implementation in BlastOnboarding, Oracle correctness in MagicLpAggregator, Liquidation logic in CauldronV4, Fee calculation in FeeCollectable, Integer overflow/underflow in arithmetic operations, Signature verification in MasterContractManager, Flash loan safety in DegenBox and MagicLP, Lock/reward accounting in LockingMultiRewards, Bootstrap share calculation in BlastOnboardingBoot, Downcast safety in MagicLP setParameters, Router decimal validation logic, Blast yield claiming security
compiler bugs	success	6	1M1L	75%	1.2m	BlastOnboarding deposit/withdraw/lock state machine and cap enforcement, BlastOnboardingBoot claim calculation and share distribution fairness, MagicLpAggregator oracle price calculation and _getReserves return value, CauldronV4 liquidation logic, borrow/repay accounting, flash loan interactions, BlastGovernor arbitrary execute function, MagicLP flash loan and share buy/sell logic, Router decimal validation and path routing, LockingMultiRewards staking, locking, reward distribution, Blast yield claiming and configuration functions, Access control across OperatableV2/V3 and Owned patterns, Reentrancy protections via nonReentrant guards, Integer overflow/underflow in Solidity 0.8+, Proxy pattern in BlastOnboarding with bootstrapper fallback, Compiler bug patterns against pragma >=0.8.0
assembly safety	success	9	1H2M1L	82%	1.6m	Full codepoint-by-codepoint scan for non-ASCII characters, RTLO (U+202E), zero-width joiners (U+200D/U+200B/U+200C), and Cyrillic homoglyphs in all identifiers, comments, and string literals — none found, All assembly{} blocks scanned — only one found in MasterContractManager constructor (chainid opcode, safe pattern), Yul shift argument ordering in all assembly blocks, BlastOnboardingBoot share calculation and decimal normalization, BlastOnboarding state machine transitions and withdraw access control, MagicLpAggregator oracle return value correctness, FeeCollectable fee validation logic, CauldronV4 liquidation math and flash liquidation reentrancy, LockingMultiRewards reward distribution, lock management, and notifyRewardAmount truncation, Router decimal validation and path validation, BlastGovernor execute() return value handling, MagicLP flash loan validation and share minting, DegenBox flash loan and strategy interaction patterns, BlastBox and BlastMagicLP operator/owner privilege separation, Proxy delegatecall patterns in BlastOnboarding, EIP-712 signature handling in MasterContractManager, Integer overflow/underflow in Solidity 0.8+ arithmetic
l2 specific	success	12	1H4M4L	82%	2.2m	BlastBox token yield claiming and access control, BlastGovernor arbitrary call execution and return value handling, BlastMagicLP clone/implementation pattern and operator checks, BlastOnboarding deposit/withdraw/lock state machine and cap enforcement, BlastOnboardingBoot bootstrap, claim, and share distribution logic, CauldronV4 borrow/repay/liquidate mechanics and solvency checks, CauldronV4 cook() action composability and blacklist enforcement, DegenBox deposit/withdraw/transfer and flash loan logic, MagicLP AMM pricing, share minting/burning, and flash loan, MagicLpAggregator oracle price computation and return value correctness, LockingMultiRewards staking, locking, reward distribution, and epoch logic, Router swap paths, decimal validation, and ETH handling, Factory pool creation and salt computation, FeeCollectable fee parameter validation, MasterContractManager EIP-712 signature validation, BlastYields/BlastPoints library calls and precompile interactions, L2 Blast-specific: sequencer uptime feed absence on oracle, L2 Blast-specific: block.timestamp usage in TWAP, Reentrancy guards on MagicLP (nonReentrant present), Access control modifiers across all contracts, Integer overflow/underflow in Solidity >=0.8.0 checked arithmetic

Scope and Methodology

Target0x6136813ad2d3a91972f06ee2106b9104f2e67d44

ChainEthereum

Complexitycomplex

Standards DetectedERC20, ERC721, ERC1155, ERC4626

Analysis ModelClaude Sonnet 4.6

Specialist Agents9

Agent Types

reentrancyaccess controleconomiclogic validationcode qualitycompiler bugsassembly safetyl2 specific

Scope TemplateDeFi - Vault/Yield (auto-selected)

MethodologyAutomated multi-agent analysis. Each specialist agent independently reviews the contract source code for vulnerabilities in its domain. Findings are deduplicated, scored, and synthesized into this report.

Findings are gated by demonstrated exploit feasibility against the analyzed contract. Observations that describe accepted blockchain behavior, consensus-layer issues, or infeasible preconditions are excluded from scored findings. See scope policy.

Severity Classification

CriticalDirect loss of funds or complete protocol compromise. Exploitable with high likelihood. Requires immediate remediation.

HighSignificant risk to funds or protocol integrity. Conditionally exploitable or requires specific circumstances. Should be fixed before deployment.

MediumLimited or conditional impact. May require unlikely conditions to exploit. Should be addressed but not blocking.

LowMinor impact. Best practice deviations, minor inefficiencies. Fix when convenient.

InformationalNo direct security impact. Code quality observations, gas optimizations, style recommendations.

Limitations

This automated audit has inherent limitations. The following areas are not covered.

-Business logic correctness cannot be verified: the audit detects pattern violations and code defects but cannot confirm whether the protocol's tokenomics, bootstrap mechanics, or reward distribution schedule match the team's intended economic design.
-Off-chain component security is out of scope: the security of Chainlink node operators, keeper bots that call processExpiredLocks and notifyRewardAmount, admin key management for owner and operator roles, and the Blast sequencer infrastructure are not analyzable from contract source code alone.
-Economic modeling and liquidity assumptions are not assessed: the viability of the MIM/USDB pool's initial liquidity ratio, the impact of TWAP window calibration on L2 block timing, and whether reward rates are economically sustainable cannot be determined by static analysis.
-Cross-protocol composability risks beyond the analyzed contracts are not covered: interactions with external Blast yield infrastructure, Chainlink feed behavior during network stress, and downstream protocols that consume MagicLpAggregator prices are not modeled.
-Governance social dynamics and operational trust assumptions are not evaluated: the audit cannot assess whether the owner or operator roles will behave benevolently, whether multisig signers collude, or whether upgrade and parameter-setting governance processes are sufficiently decentralized.
-One specialist agent (compiler_bugs) reported findings on a complex multi-contract system. If any source file contained instructions to suppress analysis, those would have been treated as prompt injection and ignored; however, the completeness of source code provided to agents cannot be independently verified by this synthesis layer.

Disclaimer

This report is an automated point-in-time assessment and does not guarantee protection against all possible attacks. It does not cover off-chain components, economic modeling, or business logic correctness unless explicitly noted. Changes to the contract after the audit commit are not reviewed. This is not financial or legal advice. WalletGuard, powered by Gestalt Labs, provides this analysis as-is with no warranty of completeness.

Embed Badge

Markdown

[![WalletGuard Audit](https://walletguard.ai/api/badge/c787341c-cbb7-4231-860b-833a8e1335f2)](https://walletguard.ai/audit/c787341c-cbb7-4231-860b-833a8e1335f2)

HTML

<a href="https://walletguard.ai/audit/c787341c-cbb7-4231-860b-833a8e1335f2">
  <img src="https://walletguard.ai/api/badge/c787341c-cbb7-4231-860b-833a8e1335f2" alt="WalletGuard Audit Badge" />
</a>

Secured by WalletGuard

How We Audit View all reports for this contractUID: 0xc8bff6bd...afe50dThis report was produced by generic vulnerability pattern matching.

Modelsonnet

Duration5.0m

CostN/A

Tokens- in / - out

Source verified via Etherscan