App Github

Halborn June 2022 - Voting Delegation Staking

Summary:

(HAL-01) DELEGATED TOKEN BALANCE CAN BE DOUBLED

  • Recommendation: It is recommended to clear the balance of unsupported tokens. The contract must not track the balance of the removed tokens.

  • Risk Level: Critical

  • Status: SOLVED - 19/07/2022

  • Additional Notes: The Tokemak team solved the issue by keeping track of whether a token has been removed and checking it when adding new tokens.

(HAL-02) WRONG EVENT SIGNATURE LEADS UNCHANGING OF BALANCE DURING SLASHING

  • Recommendation: It is suggested to change the event signature to Slash from Slashed for the Slashing event.

  • Risk Level: High

  • Status: SOLVED - 19/07/2022

  • Additional Notes: The Tokemak team solved the issue by replacing Slashed event with Slash.

(HAL-03) LACK OF ZERO ADDRESS CHECK

  • Recommendation: It is recommended to validate that each address input is non-zero.

  • Risk Level: Low

  • Status: SOLVED - 19/07/2022

  • Additional Notes: The Tokemak team solved the issue by adding sanity checks for zero addresses.

(HAL-04) PRAGMA VERSION

  • Recommendation: At the time of this audit, the current version is already at 0.8.14. When possible, use the most up-to-date and tested pragma versions to take advantage of new features that provide checks and accounting, as well as to avoid using unsafe code.

  • Risk Level: Low

  • Status: RISK ACCEPTED

  • Additional Notes: These will be upgrades to existing contracts. We have kept the pragma at its originally deployed version to ensure compatibility. Development of new contracts are at 0.8+

(HAL-05) EXPERIMENTAL KEYWORD USAGE

  • Recommendation: When possible, do not use experimental features in the final live deployment.

  • Risk Level: Informational

  • Status: ACKNOWLEDGED

  • Additional Notes: The Tokemak team acknowledges this finding.

(HAL-06) USE OF I++ INSTEAD OF ++I IN FOR LOOPS - GAS OPTIMIZATION

  • Recommendation: It is recommended to use ++i instead of i++ to increment the value of a uint variable within a loop. This also applies to variables declared inside the for loop, not just the iterator. On the other hand, this is not applicable outside of loops.

  • Risk Level: Informational

  • Status: SOLVED - 19/07/2022

  • Additional Notes: The Tokemak team solved the issue. The specified for loops above were optimized after replacing postfix increments with prefix increments.

(HAL-07) DEPRECATED VARIABLES SHOULD BE REMOVED

  • Recommendation: It is suggested to remove unused variables from code to increase readability and lower gas consumption.

  • Risk Level: Informational

  • Status: ACKNOWLEDGED

  • Additional Notes: This will be an upgrade to an existing contract. Variables have been kept to ensure compatibility.

(HAL-08) UNNECESSARY PARAMETER USAGE

  • Recommendation: It is recommended to set address(0) by default for to parameter on the DelegationDisabled data type.

  • Risk Level: Informational

  • Status: ACKNOWLEDGED

  • Additional Notes: The Tokemak team acknowledged this finding.

PDF Embed:

PreviousHalborn July 2022 - WebApp PentestNextHalborn April 2022 - Reserve and Controllers

Last updated