UMA Sports Oracle

Summary

The most critical subjects covered in our audit are external integrations with UMA and the ConditionalToken Framework, solvency (refunds from one game must not be spent by another game), and functional correctness of the state transitions, including with respect to asynchronous callbacks and admin actions. Security regarding all the aforementioned subjects is high.

The general subjects covered are documentation, testing, missing refunds, Denial of Service attacks and front-running. Security regarding all the aforementioned subjects is high. Documentation regarding the state transitions is expanded in the following System Overview. During the review, an issue in the UMA protocol was uncovered that could have affected the Polymarket contracts. The issue was resolved in collaboration with UMA.

In summary, we find that the codebase provides a high level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.

About UMA Sports Oracle

Polymarket implements UMA Sports Oracle, a smart contract that allows the creation of conditional tokens for bets on sports games. Several types of bets are possible for a given game. UMA Sports Oracle allows the game result to be queried only once in the UMA Optimistic Oracle and then used to resolve the outcome of several bets.

Hats off to the ChainSecurity team for their stellar work on our security audit. The process was smooth from start to finish thanks to their clear communication style, and our codebase benefited immensely from their thorough analysis. We look forward to working with them in the future!
Mike Shrieve - Protocol Lead