Introduction
MetaZero is a Synthetic Liquidity Layer Protocol designed for the omnichain tokenization of gaming-related Real World Assets (RWAs). It leverages LayerZero to enable cross-chain interoperability. The MetaZero StakingContract enables users to stake $MZ tokens to earn rewards, forming the core of the protocol's incentive infrastructure.
Why Did They Need an Audit?
The MetaZero team sought a security review of their staking mechanism to validate its safety prior to deployment. The contract controls reward emissions, user balances, and fee logic. A miscalculation in the reward system, incorrect staking logic, or lack of proper access control could lead to loss of funds or abuse of staking rewards. To ensure user safety and protocol integrity, Three Sigma was engaged for a focused assessment.
Scope of the Engagement
- File Audited: StakingContract.sol
- Team: 2 auditors · 3 days
- Chains: Ethereum
- Audit Date: 2024-04-08
- Language: Solidity
- Type: Code Audit
Results and Findings
Key High-Severity Issues
Reward Overdraw Risk
Description: If rewardRate * emissionDuration exceeds deposited tokens, stakers could withdraw others’ principal or fees.
Resolution: Added logic to cap rewards by subtracting totalStaked + feesAccrued from contract balance.
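The accounting behind this finding, as an added example: a simplified Python model written for this summary, not code from StakingContract.sol or from the audit report. Field names mirror the identifiers quoted above; the amounts, the per-stake fee, the stake/claim helpers and the choice to apply the cap at claim time are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class StakingModel:
    """Simplified token accounting; not the audited contract."""
    balance: int = 0              # all tokens held by the contract
    total_staked: int = 0         # user principal (totalStaked)
    fees_accrued: int = 0         # fees held for the protocol (feesAccrued)
    reward_rate: int = 10         # tokens per second (rewardRate), constructed value
    emission_duration: int = 100  # seconds (emissionDuration), constructed value

    def stake(self, amount: int, fee: int) -> None:
        # Principal and fee land in the same token balance as the rewards.
        self.balance += amount + fee
        self.total_staked += amount
        self.fees_accrued += fee

    def reward_budget(self) -> int:
        # Tokens that are neither principal nor fees: the only safe reward source.
        return max(self.balance - self.total_staked - self.fees_accrued, 0)

    def funding_gap(self) -> int:
        # Promised emissions that the current budget cannot cover.
        promised = self.reward_rate * self.emission_duration
        return max(promised - self.reward_budget(), 0)

    def claim(self, owed: int, capped: bool) -> int:
        # Uncapped: any token in the contract can be paid out as a reward.
        limit = self.reward_budget() if capped else self.balance
        paid = min(owed, limit)
        self.balance -= paid
        return paid

    def shortfall(self) -> int:
        # Principal plus fees the contract can no longer pay back.
        return max(self.total_staked + self.fees_accrued - self.balance, 0)


def simulate(capped: bool) -> tuple[int, int, int]:
    m = StakingModel()
    m.balance += 500       # rewards funded: half of the 1000 promised
    m.stake(1000, fee=25)  # staker A (constructed amounts)
    m.stake(1000, fee=25)  # staker B
    owed_each = m.reward_rate * m.emission_duration // 2  # equal stakes, full period
    return m.claim(owed_each, capped), m.claim(owed_each, capped), m.shortfall()


if __name__ == "__main__":
    print("uncapped:", simulate(capped=False))  # (500, 500, 500)
    print("capped:  ", simulate(capped=True))   # (500, 0, 0)
```

In the uncapped run the second claim is paid out of principal and fees, leaving a 500-token shortfall; with the cap the unfunded part of the emission goes unpaid and the staked tokens and fees stay fully backed.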
Equal Rewards Post Emission Extension
Description: If emissionEnd is extended after expiration, all stakers receive rewards as if they were staking since the previous end, even if they joined later.
Resolution: Removed this functionality entirely.
In conclusion
Three Sigma conducted a rapid yet comprehensive audit of MetaZero’s StakingContract over a three-day period. The audit surfaced two high-severity logic issues that could have led to significant reward miscalculations and protocol inconsistencies. After discussion with the client, both issues were addressed promptly.
The remaining low and informational findings relate to gas optimizations, code clarity, and event emissions. These are either acknowledged or implemented, strengthening the overall robustness of the contract.
MetaZero’s staking logic now adheres to sound security principles, safe accounting practices, and clearly defined emissions, ready for secure on-chain deployment.