Omniscia 2/23/2022
Issue IDs Summary:
BTR-01M BalanceTracker.sol
Auditor Severity Rating: Major
Description: The _delegate function permits delegation of balances to an account whose balance has not been properly initialized.
Status: Fixed
The code has been adjusted so that the _delegate function also overwrites the token entry of the newDelegateBal, ensuring that it will always be non-zero.
Fix on Github:
DFN-M DelegateFunction.sol
Auditor Severity Rating: Minor
Description: The delegateWithEIP1271 function utilizes a contract-level nonce system that can cause race conditions to arise should multiple users attempt to submit a valid EIP-1271 signature for the same nonce.
Status: No Fix Needed
The Tokemak team has stated that they do not envision the race behaviour materializing in real-world use cases, as the function is meant to be invoked seldom.
Fix on Github: N/A
EPL-M EthPool.sol
Auditor Severity Rating: Minor
Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
Status: Fixed
The function can now only be executed when the destinations.destinationOnL2 value has been set.
Fix on Github:
MAN-M Manager.sol
Auditor Severity Rating: Minor
Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
Status: Fixed
The function can now only be executed when the destinations.destinationOnL2 value has been set.
Fix on Github:
OCV-M OnChainVoteL1.sol
Auditor Severity Rating: Minor
Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
Status: Fixed
The function can now only be executed when the destinations.destinationOnL2 value has been set.
Fix on Github:
POO-M Pool.sol
Auditor Severity Rating: Minor
Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
Status: Fixed
The function can now only be executed when the destinations.destinationOnL2 value has been set.
Fix on Github:
STA-M Staking.sol
Auditor Severity Rating: Minor
Description: The slash mechanism fatally fails if the amount to be slashed exceeds the availableToSlash amount, which can change between a transaction's submission and a transaction's execution in the network.
Status: No Fix Needed
The Tokemak team stated that the function should indeed fatally fail in case the amount slashed mismatches the on-chain balance given that this can also mean the off-chain calculations were performed incorrectly. As a result, we consider this exhibit null.
Fix on Github: n/a
SSC-M SushiSwapControllerV2.sol
Auditor Severity Rating: Minor
Description: The safeApprove instruction performed by the deploy function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.
Status: Fixed
The _approve function was refactored to accept an additional argument and is now safely utilized in the linked code.
Fix on Github:
SCV-M SushiswapControllerV1.sol
Auditor Severity Rating: Minor
Description: The safeApprove instruction performed by the deploy function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.
Status: Fixed
The _approve function was refactored to accept an additional argument and is now safely utilized in the linked code.
Fix on Github:
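The safeApprove failure mode described in SSC-M and SCV-M, shown as an added example that is not Tokemak's code or its actual fix: the first helper reproduces the zero-allowance check that OpenZeppelin's SafeERC20.safeApprove performs, the second tolerates an existing non-zero allowance by clearing it first. The contract name, ROUTER and both helper names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. Interface trimmed to the two calls used below; it assumes
// a token whose approve() returns a bool as the ERC-20 standard specifies.
interface IERC20 {
    function allowance(address owner, address spender) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical controller: ROUTER and the helper names are not from the audit.
abstract contract ApproveExample {
    address public immutable ROUTER;

    constructor(address router) {
        require(router != address(0), "router not set");
        ROUTER = router;
    }

    // Same precondition as SafeERC20.safeApprove: a non-zero update is
    // rejected while a non-zero allowance is still recorded for the spender.
    // Any allowance left over from an earlier call makes this revert.
    function _approveStrict(IERC20 token, uint256 amount) internal {
        require(
            amount == 0 || token.allowance(address(this), ROUTER) == 0,
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
        require(token.approve(ROUTER, amount), "approve failed");
    }

    // Tolerant variant: clear any leftover allowance, then set the new one.
    // The zero-first step also satisfies tokens that enforce the same
    // non-zero to non-zero restriction themselves.
    function _approveWithReset(IERC20 token, uint256 amount) internal {
        if (token.allowance(address(this), ROUTER) != 0) {
            require(token.approve(ROUTER, 0), "allowance reset failed");
        }
        if (amount != 0) {
            require(token.approve(ROUTER, amount), "approve failed");
        }
    }
}
```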
TMP-M TokeMigrationPool.sol
Auditor Severity Rating: Minor
Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
Status: Fixed
The function can now only be executed when the destinations.destinationOnL2 value has been set.
Fix on Github:
TVP-M TokeVotePool.sol
Auditor Severity Rating: Minor
Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
Status: Fixed
The function can now only be executed when the destinations.destinationOnL2 value has been set.
Fix on Github:
VTR-M VoteTracker.sol
Auditor Severity Rating: Medium
Description: The setVoteMultipliers function does not properly sanitize the input array against duplicates, which can significantly impact the logic of the contract.
Status: Fixed
Duplicates are now properly prevented by ensuring that the vote multiplier of a particular token is zero.
Fix on Github: