Omniscia 2/23/2022
Omniscia Tokemak Network Audit
Issue IDs Summary:
BTR-01M BalanceTracker.sol
  • Auditor Severity Rating: Major
  • Description: The _delegate function permits delegation of balances to an account whose balance has not been properly initialized.
  • Status: Fixed
    • The code has been adjusted so that the _delegate function also overwrites the token entry of the newDelegateBal, ensuring that it will always be non-zero.
  • Fix on Github:
DFN-M DelegateFunction.sol
  • Auditor Severity Rating: Minor
  • Description: The delegateWithEIP1271 function utilizes a contract-level nonce system that can cause race conditions to arise should multiple users attempt to submit a valid EIP-1271 signature for the same nonce.
  • Status: No Fix Needed
    • The Tokemak team has stated that they do not envision the race behaviour materializing in real-world use cases, as the function is meant to be seldom invoked.
  • Fix on Github: N/A
EPL-M EthPool.sol
  • Auditor Severity Rating: Minor
  • Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
  • Status: Fixed
    • The function can now only be executed when the destinations.destinationOnL2 value has been set.
  • Fix on Github:
MAN-M Manager.sol
  • Auditor Severity Rating: Minor
  • Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
  • Status: Fixed
    • The function can now only be executed when the destinations.destinationOnL2 value has been set.
  • Fix on Github:
OCV-M OnChainVoteL1.sol
  • Auditor Severity Rating: Minor
  • Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
  • Status: Fixed
    • The function can now only be executed when the destinations.destinationOnL2 value has been set.
  • Fix on Github:
POO-M Pool.sol
  • Auditor Severity Rating: Minor
  • Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
  • Status: Fixed
    • The function can now only be executed when the destinations.destinationOnL2 value has been set.
  • Fix on Github:
STA-M Staking.sol
  • Auditor Severity Rating: Minor
  • Description: The slash mechanism fatally fails if the amount to be slashed exceeds the availableToSlash amount which can change between a transaction's submission and a transaction's execution in the network.
  • Status: No Fix Needed
    • The Tokemak team stated that the function should indeed fatally fail in case the amount slashed mismatches the on-chain balance given that this can also mean the off-chain calculations were performed incorrectly. As a result, we consider this exhibit null.
  • Fix on Github: n/a
SSC-M SushiSwapControllerV2.sol
  • Auditor Severity Rating: Minor
  • Description: The safeApprove instruction performed by the deploy function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.
  • Status: Fixed
    • The _approve function was refactored to accept an additional argument and is now safely utilized in the linked code.
  • Fix on Github:
SCV-M SushiswapControllerV1.sol
  • Auditor Severity Rating: Minor
  • Description: The safeApprove instruction performed by the deploy function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.
  • Status: Fixed
    • The _approve function was refactored to accept an additional argument and is now safely utilized in the linked code.
  • Fix on Github:
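The SSC-M and SCV-M entries above describe the same failure: OpenZeppelin's safeApprove refuses a non-zero-to-non-zero allowance change, so a controller that inherits a leftover allowance (for example after an upgrade) reverts on its next deploy call. The contract below is an added illustration and is not the SushiSwap controller code; the minimal IERC20 interface, the helper names and the reset-to-zero strategy are assumptions, since the page does not state what the refactored _approve argument is.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface needed for the example (assumed, not Tokemak's code).
interface IERC20 {
    function allowance(address owner, address spender) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Added example contrasting the failing approve path with a hardened one.
contract ApproveHelperExample {
    // Mirrors the check OpenZeppelin's SafeERC20.safeApprove performs:
    //   require(value == 0 || token.allowance(address(this), spender) == 0)
    // If a previous deployment left a non-zero allowance behind, calling this
    // with a non-zero amount reverts and the deploy flow is stuck.
    function _approveSafeApproveStyle(IERC20 token, address spender, uint256 amount) internal {
        require(
            amount == 0 || token.allowance(address(this), spender) == 0,
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
        require(token.approve(spender, amount), "approve failed");
    }

    // Hardened variant (assumed design): clear any existing allowance first so
    // the non-zero-to-non-zero transition can never occur, whatever state the
    // token contract still holds for this spender.
    function _approve(IERC20 token, address spender, uint256 amount) internal {
        if (token.allowance(address(this), spender) != 0) {
            require(token.approve(spender, 0), "allowance reset failed");
        }
        if (amount != 0) {
            require(token.approve(spender, amount), "approve failed");
        }
    }
}
```

Two caveats for anyone reusing this pattern: tokens that do not return a boolean from approve (USDT is the usual example) need the low-level call wrapper that SafeERC20 provides rather than a bare `require(token.approve(...))`, and OpenZeppelin's own replacements for the deprecated call are safeIncreaseAllowance and safeDecreaseAllowance, which adjust the allowance relative to its current value instead of overwriting it.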
TMP-M TokeMigrationPool.sol
  • Auditor Severity Rating: Minor
  • Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
  • Status: Fixed
    • The function can now only be executed when the destinations.destinationOnL2 value has been set.
  • Fix on Github:
TVP-M TokeVotePool.sol
  • Auditor Severity Rating: Minor
  • Description: The setEventSend function should only set the _eventSend value to true when the values of the destinations struct have been set.
  • Status: Fixed
    • The function can now only be executed when the destinations.destinationOnL2 value has been set.
  • Fix on Github:
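The EPL-M, MAN-M, OCV-M, POO-M, TMP-M and TVP-M entries all describe one pattern: an _eventSend flag that could be enabled before the destinations struct was populated, so later event sends would target a zero address. The contract below is an added illustration of the guard described in those entries and is not Tokemak's code; the struct layout (beyond the destinationOnL2 field named on the page), the owner check and the function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: enabling an event-send flag only after destinations exist.
contract EventSendGuardExample {
    struct Destinations {
        address fxStateSender;   // assumed field, not named on the page
        address destinationOnL2; // field named in the audit entries
    }

    address public owner;
    Destinations public destinations;
    bool public eventSend; // stands in for the _eventSend flag from the finding

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Destinations must be set explicitly; a zero L2 destination is rejected
    // so that the guard below has a reliable "has been set" signal.
    function setDestinations(address fxStateSender, address destinationOnL2) external onlyOwner {
        require(destinationOnL2 != address(0), "zero L2 destination");
        destinations = Destinations(fxStateSender, destinationOnL2);
    }

    // Before the fix: the flag can be switched on while destinations is still
    // zero-initialised, so every later send would be routed to address(0).
    function setEventSendUnchecked(bool eventSendSet) external onlyOwner {
        eventSend = eventSendSet;
    }

    // After the fix, as the entries describe it: the call reverts until
    // destinations.destinationOnL2 has been populated.
    function setEventSend(bool eventSendSet) external onlyOwner {
        require(destinations.destinationOnL2 != address(0), "destinations not set");
        eventSend = eventSendSet;
    }
}
```

The guard is deliberately placed on the flag setter rather than on the send path: it fails loudly at configuration time, when an operator can react, instead of silently dropping events in production. A unit test for this pattern should assert that setEventSend(true) reverts on a freshly deployed instance and succeeds only after setDestinations has been called with a non-zero L2 address.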
VTR-M VoteTracker.sol
  • Auditor Severity Rating: Medium
  • Description: The setVoteMultipliers function does not properly sanitize the input array against duplicates which can significantly impact the logic of the contract.
  • Status: Fixed
    • Duplicates are now properly prevented by ensuring that the vote multiplier of a particular token is zero.
  • Fix on Github:
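The VTR-M entry describes an input array that was not checked for duplicates, and a fix that requires each token's stored multiplier to be zero at the moment it is set. The contract below is an added illustration of that check and is not VoteTracker's code; the struct, the mapping, the token list and the owner check are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: rejecting duplicate tokens by requiring a zero multiplier.
contract VoteMultiplierExample {
    struct VoteTokenMultiplier {
        address token;
        uint256 multiplier;
    }

    address public owner;
    mapping(address => uint256) public voteMultipliers;
    address[] public voteTokens;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Before: a token listed twice is pushed twice and its multiplier is
    // silently overwritten, so any loop over voteTokens counts it more than
    // once and the stored value is whichever entry came last.
    function setVoteMultipliersUnchecked(VoteTokenMultiplier[] calldata multipliers) external onlyOwner {
        for (uint256 i = 0; i < multipliers.length; i++) {
            voteMultipliers[multipliers[i].token] = multipliers[i].multiplier;
            voteTokens.push(multipliers[i].token);
        }
    }

    // After, following the fix described in the entry: a token may only be
    // set while its multiplier is still zero, so a second entry for the same
    // token, within one call or across calls, reverts instead of duplicating.
    function setVoteMultipliers(VoteTokenMultiplier[] calldata multipliers) external onlyOwner {
        for (uint256 i = 0; i < multipliers.length; i++) {
            address token = multipliers[i].token;
            require(token != address(0), "zero token");
            require(multipliers[i].multiplier != 0, "zero multiplier");
            require(voteMultipliers[token] == 0, "duplicate token");
            voteMultipliers[token] = multipliers[i].multiplier;
            voteTokens.push(token);
        }
    }
}
```

The zero-multiplier check doubles as the duplicate check only because zero is never accepted as a stored value; if a contract allows a multiplier of zero as a way to disable a token, the sentinel no longer distinguishes "unset" from "set to zero" and a separate seen-mapping or an explicit sorted-and-unique input requirement is needed instead.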