Foresight Case Study
Securing a successful public launch.
Phage Security was super helpful as a preliminary audit partner. They caught important edge cases that gave us the confidence to launch publicly.
Highly recommended!
- Eason Chai (Lead Developer), Foresight
Team
Pyro
Lead Security Researcher
Lead Security Researcher at Sherlock.
Over 100 audits performed and 400+ bugs found.
Deth
Lead Security Researcher
Lead Security Researcher at Sherlock.
OG auditor with multiple Top3 finishes in audit contests.
YanecaB
Security Researcher
A promising Security Researcher.
In the space for ~8 months, and showing remarkable results!
About the Client
Foresight is a prediction market built on Katana, utilizing AUSD as collateral for trading conditional tokens representing different event outcomes. The system employs LMSR (Logarithmic Market Scoring Rule) automated market maker to provide liquidity and dynamic pricing, while the ConditionalTokens contract manages ERC1155-based outcome positions that can be minted, traded, and redeemed upon condition resolution.
Key Metrics
Severity Count
| Severity | Count |
|---|---|
| High | 3 |
| Medium | 1 |
| Low | 2 |
6
Total Findings
3 / 3
High Resolved
1 / 1
Medium Resolved
5 Days
Audit Duration
011e...7ad0
Commit hash
7351...a864
Remediation hash
Katana
Network
Prediction Market
Project type
High Severity Issues and Fixes
H-1: AMM `mint` function miscalculates collateral backing
Impact: Market prices are vulnerable to manipulation by MEV bots.
Fix: Ensure markets have sufficient liquidity before they begin operating.
H-2: Any user can drain the referral contract
Impact: Users can drain the referral contract.
Fix: Whitelist specific market addresses to prevent users from entering malicious addresses.
H-3: Unauthorized redemption in `redeemPositionForUser`
Impact: Users can redeem other users' positions without consent.
Fix: Implement access control for `redeemPositionsForUser`.
Why Phage Security?
Foresight entrusted its security to Phage due to our proven ability to source highly skilled security researchers who possess extensive experience in the prediction market space. The combined expertise of our two lead researchers and the diligent work of our entire security team gave the Foresight team the confidence they needed to launch their platform securely.