Halborn June 2022 - Voting Delegation Staking
Summary:
(HAL-01) DELEGATED TOKEN BALANCE CAN BE DOUBLED
Recommendation: It is recommended to clear the balance of unsupported tokens. The contract must not track the balance of the removed tokens.
Risk Level: Critical
Status: SOLVED - 19/07/2022
Additional Notes: The Tokemak team solved the issue by keeping track of whether a token has been removed and checking it when adding new tokens.
(HAL-02) WRONG EVENT SIGNATURE LEADS UNCHANGING OF BALANCE DURING SLASHING
Recommendation: It is suggested to change the event signature to Slash from Slashed for the Slashing event.
Risk Level: High
Status: SOLVED - 19/07/2022
Additional Notes: The Tokemak team solved the issue by replacing the Slashed event with Slash.
(HAL-03) LACK OF ZERO ADDRESS CHECK
Recommendation: It is recommended to validate that each address input is non-zero.
Risk Level: Low
Status: SOLVED - 19/07/2022
Additional Notes: The Tokemak team solved the issue by adding sanity checks for zero addresses.
(HAL-04) PRAGMA VERSION
Recommendation: At the time of this audit, the current version is already at 0.8.14. When possible, use the most up-to-date and tested pragma versions to take advantage of new features that provide checks and accounting, as well as to avoid using unsafe code.
Risk Level: Low
Status: RISK ACCEPTED
Additional Notes: These will be upgrades to existing contracts. We have kept the pragma at its originally deployed version to ensure compatibility. Development of new contracts is at 0.8+.
(HAL-05) EXPERIMENTAL KEYWORD USAGE
Recommendation: When possible, do not use experimental features in the final live deployment.
Risk Level: Informational
Status: ACKNOWLEDGED
Additional Notes: The Tokemak team acknowledges this finding.
(HAL-06) USE OF I++ INSTEAD OF ++I IN FOR LOOPS - GAS OPTIMIZATION
Recommendation: It is recommended to use ++i instead of i++ to increment the value of a uint variable within a loop. This also applies to variables declared inside the for loop, not just the iterator. On the other hand, this is not applicable outside of loops.
Risk Level: Informational
Status: SOLVED - 19/07/2022
Additional Notes: The Tokemak team solved the issue. The specified for loops above were optimized after replacing postfix increments with prefix increments.
(HAL-07) DEPRECATED VARIABLES SHOULD BE REMOVED
Recommendation: It is suggested to remove unused variables from code to increase readability and lower gas consumption.
Risk Level: Informational
Status: ACKNOWLEDGED
Additional Notes: This will be an upgrade to an existing contract. Variables have been kept to ensure compatibility.
(HAL-08) UNNECESSARY PARAMETER USAGE
Recommendation: It is recommended to set address(0) by default for the to parameter on the DelegationDisabled data type.
Risk Level: Informational
Status: ACKNOWLEDGED
Additional Notes: The Tokemak team acknowledged this finding.