Security Audit Report

WalletGuard.ai, powered by Gestalt Labs

April 17, 2026

ID: d41154e5

0xa7e0...f253EVMBench: 2024-07-basinv1View audit historyEthereumLive TargetModerate Risk

Verified on BaseVerify externally Prompt 0xd29afd...

Apr 17, 2026, 06:05

Standard AuditModel: Claude Sonnet 4.6

What you got

Tier: Standard ($29)
Model: Sonnet
Specialists completed: 9 of 9

Risk Level: Moderate Risk

Efficiency

0C2H6M11L

19 security | 2 code quality | 1 gas

2 High: Stable2.sol (1), WellUpgradeable.sol (1)

In-Scope Security Score Guide

8.0 - 10.0Low Risk. No critical issues. Safe for interaction.

5.0 - 7.9Moderate Risk. Some issues found. Review before interacting.

1.0 - 4.9High/Critical Risk. Significant vulnerabilities detected.

Score is based on 22 findings from 10 specialist agents.

Exploit Analysis

Findings selected for deep verification. Where possible we generated a Solidity proof-of-concept and executed it against a forked mainnet.

Architectural

Architectural Risk

low

MultiFlowPump uses msg.sender address as storage slot base, risking collision with Solidity storage on same-address contracts

File: src/pumps/MultiFlowPump.solFunction: _getSlotForAddressLines: 280-283

Why no PoC

Pattern, not single-tx exploit

Exploitability

7.0 / 10

Executive Summary

The analyzed contract is a Basin AMM Well implementation (WellUpgradeable), a liquidity pool system supporting swaps and liquidity provision with a pluggable well function architecture, UUPS upgradeability, and an on-chain oracle pump (MultiFlowPump). The analysis identified 0 critical, 2 high, 6 medium, 7 low, and 3 informational findings across 22 total inputs after deduplication and scope review. The single most dangerous pattern is the missing ownership check in the UUPS upgrade authorization path: any caller can upgrade a Well proxy to any Aquifer-registered implementation, enabling an attacker to replace pool logic and drain all liquidity. The contract carries significant risk in its current form and should not be deployed to production until the upgrade authorization and Stable2 math bugs are remediated.

Critical Highlights

highupgradeTo / upgradeToAndCall lack owner-only access control, allowing any caller to trigger an upgrade

Any wallet or contract can replace the logic of a Well pool with a different (potentially malicious) implementation, as long as that implementation was previously registered in the Aquifer. Because registering a new implementation in the Aquifer is permissionless, an attacker can deploy their own malicious Well logic, register it, and then upgrade every affected pool to it, draining all deposited funds.

highStable2.decodeWellData Has Copy-Paste Bug: Checks decimal0 Twice Instead of decimal1

When a Stable2 pool is configured with a second token whose decimal count is set to zero, the contract silently fails to correct that value to 18. The pool then applies a scaling factor of 10^18 to that token's reserves, making all price calculations wildly wrong. An attacker who creates or interacts with such a misconfigured pool can extract funds by exploiting the distorted pricing.

mediuminitNoWellToken uses initializer instead of reinitializer, conflicting with init's reinitializer(2)

The two-step setup process for upgradeable Wells leaves the pool without an owner between the first and second initialization calls. If the second call (init) is never made, the pool has no owner, which means ownership-based protections and upgrade controls are permanently unavailable. This creates a window where the pool is unprotected.

19 Security Findings | 2 Code Quality | 1 Gas Optimization

high(2)

medium(6)

low(11)

Code Quality Observations(2)

Gas Optimizations(1)

Decentralization

1 centralization point identified

Well ERC-20 Missing supportsInterface (ERC-165)

No exploit path exists; this affects off-chain tooling interoperability only. Retained as an informational property buyers should be aware of.

Attack Chain Analysis

Permissionless Upgrade to Malicious Implementation Draining Pool Fundshigh

Finding 14 (upgradeTo/upgradeToAndCall lack onlyOwner) and Finding 7 (_authorizeUpgrade missing ownership check) together confirm that any caller can trigger a UUPS upgrade on any WellUpgradeable proxy. Combined with Finding 17 (_authorizeUpgrade checks whether the new address is a Well bored by the Aquifer rather than a valid implementation contract), an attacker can bore a new malicious Well via the permissionless Aquifer, satisfying the registry check, and then call upgradeTo on a target pool to replace its logic. The malicious implementation can then drain all reserves held by the proxy.

upgradeTo / upgradeToAndCall lack owner-only access control, allowing any caller to trigger an upgradeWellUpgradeable._authorizeUpgrade: Missing ownership check allows any caller to trigger upgrade_authorizeUpgrade Does Not Validate That newImplementation Is Different From Current Implementation

Stable2 Math Failures Enabling Incorrect LP Minting and Reserve Drainhigh

Finding 1 (decodeWellData copy-paste bug allowing decimal1=0) creates a pool state where all Stable2 math operates on misscaled reserves. Combined with Finding 11 (getBandC intermediate division causing precision loss) and Finding 8 (calcReserveAtRatioSwap silent return of 0 on non-convergence), an attacker operating on a misconfigured or edge-case Stable2 pool can trigger cascading math failures: misscaled reserves cause Newton-Raphson non-convergence, which silently returns 0, and precision loss in getBandC compounds the error. The result is incorrect swap outputs and LP token amounts that an attacker can exploit to extract value.

Stable2.decodeWellData Has Copy-Paste Bug: Checks decimal0 Twice Instead of decimal1Stable2.getBandC: intermediate division before multiplication causes precision lossStable2.calcReserveAtRatioSwap: Missing return value when loop ends without convergence

Agent Coverage

Agent	Status	Findings	Severity	Confidence	Duration	Coverage
reentrancy	success	4	2L	79%	49.2s	Cross-function reentrancy in Well.sol (swapFrom, swapTo, addLiquidity, removeLiquidity, removeLiquidityImbalanced, sync, skim, shift), CEI pattern compliance in all state-modifying Well functions, ReentrancyGuard and readOnlyNonReentrant modifier placement and correctness, ERC-777/callback token reentrancy via ReentrantMockToken, UUPS upgrade authorization logic in WellUpgradeable, Access control on upgradeTo and upgradeToAndCall, Stable2.decodeWellData logic correctness, MultiFlowPump.update storage slot collision analysis, Aquifer.boreWell reentrancy protection, Read-only reentrancy on view functions (getSwapOut, getSwapIn, getReserves, etc.) via readOnlyNonReentrant, ERC-4626-style mint/burn ordering in addLiquidity and removeLiquidity, Flash loan callback patterns (none present), ERC-1155 callback patterns (none present)
access control	success	4	1M	84%	42.2s	Access control on upgradeTo/upgradeToAndCall in WellUpgradeable, _authorizeUpgrade logic and ownership enforcement, Initializer protection: disableInitializers in Well constructor, reinitializer in WellUpgradeable, initNoWellToken flow and partial initialization risk, Stable2.decodeWellData logic for decimal defaulting, Aquifer.boreWell reentrancy and initialization checks, Well.skim, sync, shift access control (permissionless by design), Signature replay in ERC20Permit (standard OZ pattern), delegatecall usage in LibClone (standard clone pattern), tx.origin usage (none found), ecrecover usage (none found in Well/WellUpgradeable - handled by OZ ERC20Permit), MockToken.setCall / ReentrantMockToken reentrancy vector (test-only contracts), MockTokenFeeOnTransfer.setFee unprotected access (test-only contract), MultiFlowPump update caller authentication (uses msg.sender as storage key - by design), Reserve storage slot collision risk in LibBytes, UUPS upgrade flow and proxiableUUID notDelegatedOrIsMinimalProxy modifier
economic	success	5	1M2L	85%	58.1s	Flash loan attack surface on swap, addLiquidity, removeLiquidity functions in Well.sol, Oracle manipulation via spot reserve pricing in MultiFlowPump EMA/TWAP calculations, Chainlink/Pyth/Chronicle oracle integrations - none present, no external price feeds used, Governance attack surface - no governance token or voting mechanism present, Sandwich and MEV exposure - slippage protection via minAmountOut/maxAmountIn parameters, Reward and supply manipulation - first-depositor inflation attack surface in addLiquidity, Fee-on-transfer token handling in swapFromFeeOnTransfer and addLiquidityFeeOnTransfer, UUPS upgrade safety in WellUpgradeable - _authorizeUpgrade logic, Reentrancy protection via ReentrancyGuardUpgradeable and readOnlyNonReentrant modifier, Integer overflow/underflow in Well function math (ConstantProduct, Stable2), Stable2 decodeWellData decimal handling bug, Stable2 convergence loop return value handling, MultiFlowPump cap reserve logic and timestamp handling, Aquifer boreWell access control and initialization validation, LibBytes storage packing/unpacking correctness, Clone immutable args reading (ClonePlus/Clone), ERC20Permit integration for LP tokens, LP token first-depositor inflation (no virtual shares mechanism present)
logic validation	success	7	1M1L	79%	1.4m	Input validation on all public/external functions (zero checks, bounds, array lengths), Arithmetic safety in Stable2 (getBandC division-before-multiplication, calcReserve Newton-Raphson), decodeWellData copy-paste bug (decimal0 checked twice instead of decimal1), Convergence loop termination in calcReserveAtRatioSwap and calcReserveAtRatioLiquidity, WellUpgradeable access control on upgradeTo/_authorizeUpgrade, Aquifer.boreWell initFunctionCall arbitrary execution and registry checks, EIP-712 domain separator caching (ERC20PermitUpgradeable used — relies on OZ, which is safe), abi.encodePacked with dynamic types in LibWellConstructor (tokens array padded to 32 bytes each — no collision risk), ReentrancyGuard usage across Well operations, MultiFlowPump.update reserve capping logic and slot calculation, LibBytes packing/unpacking correctness, UUPS upgrade pattern correctness with ERC-1167 minimal proxy adaptation, Pump failure isolation (try/catch pattern), Fee-on-transfer token handling in swapFromFeeOnTransfer and addLiquidityFeeOnTransfer
code quality	success	7		84%	1.1m	ERC-20 and ERC-2612 conformance (Well, WellUpgradeable), ERC-1967 / UUPS proxy upgrade safety (WellUpgradeable), Access control on upgrade functions, Reentrancy protection (Well, WellUpgradeable), Stable2 math correctness (decodeWellData null-check bug, convergence, scaling), Integer overflow/underflow in LibBytes, LibMath, ABDKMathQuad, Aquifer boreWell permissionlessness and init safety, MultiFlowPump storage collision and slot calculation, Fee-on-transfer token handling, Pump update failure handling, Mock token reentrancy patterns, LibBytes packing/unpacking correctness, Constant product and ConstantProduct2 math, UUPS proxiableUUID and _authorizeUpgrade logic, Deadline/expiry checks, Slippage protection
compiler bugs	success	3		86%	42.5s	UUPS upgrade authorization logic in WellUpgradeable, Access control on upgradeTo/upgradeToAndCall, Stable2 decodeWellData decimal defaulting logic, Well reentrancy guards and readOnlyNonReentrant modifier, Pump failure handling in _updatePumps (try/catch pattern), Reserve storage packing in LibBytes, Fee-on-transfer token handling in swapFromFeeOnTransfer and addLiquidityFeeOnTransfer, Aquifer boreWell permissionless deployment and registry, MultiFlowPump cap logic and reserve manipulation resistance, ERC20 permit and initialization patterns, Integer overflow risks in Well function math (ConstantProduct, ConstantProduct2, Stable2), Compiler bug patterns - pragma ^0.8.20 is outside all affected ranges, Deadline expiry modifier correctness
assembly safety	success	4	1M2L	80%	51.5s	Full source codepoint-by-codepoint scan for non-ASCII characters (RTLO U+202E, zero-width joiners, Cyrillic homoglyphs) — none found, All assembly{} blocks in LibBytes, LibBytes16, LibLastReserveBytes, LibMath, LibClone, LibContractInfo, Clone, ClonePlus, MultiFlowPump — checked for sload/sstore patterns, free-memory-pointer overwrites, shift argument ordering, return vs leave, delegatecall safety, WellUpgradeable upgrade access control (_authorizeUpgrade, upgradeTo, upgradeToAndCall), Stable2.decodeWellData decimal defaulting logic, Aquifer.boreWell returnData pointer arithmetic, MultiFlowPump storage slot derivation (_getSlotForAddress), Well.sol core swap, liquidity, and reentrancy logic, ERC20/ERC20Permit standard compliance in MockToken, MockTokenFeeOnTransfer, ReentrancyGuardUpgradeable usage and readOnlyNonReentrant modifier, Integer overflow/underflow in ConstantProduct, ConstantProduct2, Stable2 math, LibMath.mulDivOrMax and roundUpDiv correctness, ABDKMathQuad library — internal math, no external calls, Pump failure isolation (try/catch in _updatePumps), Salt frontrunning protection in Aquifer
l2 specific	success	7	1H1M3L	77%	1.3m	WellUpgradeable upgrade authorization and access control, Well swap, addLiquidity, removeLiquidity functions for CEI violations, Stable2 pricing function math and decodeWellData logic, MultiFlowPump update and reserve capping logic, Aquifer boreWell deployment and initialization flow, Reentrancy guards on Well functions, Slippage checks in swap and liquidity functions, LibBytes storage packing for reserve storage, ERC20 permit and upgradeable initialization, Cross-function reentrancy via readOnlyNonReentrant modifier, Clone/ClonePlus immutable argument reading, ABDKMathQuad floating point library usage, Fee-on-transfer token handling, Pump update failure handling (try/catch)
upgrade	success	5	1H1M1L	80%	58.7s	UUPS upgrade authorization in WellUpgradeable._authorizeUpgrade, Access control on upgradeTo and upgradeToAndCall, Initialization safety: disableInitializers in Well constructor, initNoWellToken and init reinitializer version conflicts, notDelegatedOrIsMinimalProxy modifier logic, Storage layout: Well uses fixed RESERVES_STORAGE_SLOT and immutable args via Clone pattern, Stable2.decodeWellData for copy-paste bugs, Aquifer.boreWell init failure error handling, Reentrancy protection via ReentrancyGuardUpgradeable and readOnlyNonReentrant, MultiFlowPump storage keyed by msg.sender address slot, LibBytes storage packing for reserves, selfdestruct and delegatecall to untrusted addresses, ERC20 token handling and fee-on-transfer support, Pump update failure isolation (try/catch pattern), Deadline expiry modifier

Scope and Methodology

Target0xa7e0ccbd02efa78815c6a8d80e7f7281ab5ff253

ChainEthereum

Proxy Patternuups

Complexitycomplex

Standards DetectedERC20, ERC20Permit, ERC1967

Analysis ModelClaude Sonnet 4.6

Specialist Agents10

Agent Types

reentrancyaccess controleconomiclogic validationcode qualitycompiler bugsassembly safetyl2 specificupgrade

Scope TemplateGeneral Smart Contract (auto-selected)

MethodologyAutomated multi-agent analysis. Each specialist agent independently reviews the contract source code for vulnerabilities in its domain. Findings are deduplicated, scored, and synthesized into this report.

Findings are gated by demonstrated exploit feasibility against the analyzed contract. Observations that describe accepted blockchain behavior, consensus-layer issues, or infeasible preconditions are excluded from scored findings. See scope policy.

Severity Classification

CriticalDirect loss of funds or complete protocol compromise. Exploitable with high likelihood. Requires immediate remediation.

HighSignificant risk to funds or protocol integrity. Conditionally exploitable or requires specific circumstances. Should be fixed before deployment.

MediumLimited or conditional impact. May require unlikely conditions to exploit. Should be addressed but not blocking.

LowMinor impact. Best practice deviations, minor inefficiencies. Fix when convenient.

InformationalNo direct security impact. Code quality observations, gas optimizations, style recommendations.

Limitations

This automated audit has inherent limitations. The following areas are not covered.

-Business logic correctness: the audit evaluates whether code matches documented patterns, not whether the AMM invariant, fee model, or LP token accounting reflects the intended economic design of the protocol.
-Off-chain component security: the security of admin key management, the relayer or keeper infrastructure that calls pump updates, and the operational security of the Aquifer deployer are outside the scope of on-chain analysis.
-Economic modeling: the viability of the Stable2 amplification parameter, the adequacy of slippage bounds under real liquidity conditions, and first-depositor inflation resistance under adversarial market conditions cannot be verified by static analysis alone.
-Cross-protocol composability: risks arising from integrating this Well as a price oracle source in external lending protocols, yield aggregators, or liquidation systems are not modeled; a correct Well can still be dangerous as an oracle source in a downstream protocol with weak TWAP guards.
-Governance and social dynamics: the threat model for who controls the Aquifer's registered implementation set, whether governance can be coerced or bribed to register a malicious implementation, and multi-sig key holder behavior are human-layer risks not captured here.
-Prompt injection note: no injection attempts were detected in the analyzed findings or source annotations; all scope gate decisions were made solely on technical merit per the system prompt and archetype template.

Disclaimer

This report is an automated point-in-time assessment and does not guarantee protection against all possible attacks. It does not cover off-chain components, economic modeling, or business logic correctness unless explicitly noted. Changes to the contract after the audit commit are not reviewed. This is not financial or legal advice. WalletGuard, powered by Gestalt Labs, provides this analysis as-is with no warranty of completeness.

Embed Badge

Markdown

[![WalletGuard Audit](https://walletguard.ai/api/badge/d41154e5-0a64-453d-89aa-f67f005f8cf7)](https://walletguard.ai/audit/d41154e5-0a64-453d-89aa-f67f005f8cf7)

HTML

<a href="https://walletguard.ai/audit/d41154e5-0a64-453d-89aa-f67f005f8cf7">
  <img src="https://walletguard.ai/api/badge/d41154e5-0a64-453d-89aa-f67f005f8cf7" alt="WalletGuard Audit Badge" />
</a>

Secured by WalletGuard

How We Audit View all reports for this contractUID: 0x43b99619...96af55This report was produced by generic vulnerability pattern matching.

Modelsonnet

Duration3.4m

CostN/A

Tokens- in / - out

Source verified via Etherscan