Omniscia 2/23/2022
Issue IDs Summary:
BTR-01M BalanceTracker.sol
- Auditor Severity Rating: Major
- Description: The `_delegate` function permits delegation of balances to an account whose balance has not been properly initialized.
- Status: Fixed
- The code has been adjusted so that the `_delegate` function also overwrites the token entry of the `newDelegateBal`, ensuring that it will always be non-zero.
- Fix on Github:
DFN-M DelegateFunction.sol
- Auditor Severity Rating: Minor
- Description: The `delegateWithEIP1271` function utilizes a contract-level nonce system that can cause race conditions to arise should multiple users attempt to submit a valid EIP-1271 signature for the same nonce.
- Status: No Fix Needed
- The Tokemak team has stated that they do not envision the race-behaviour to materialize in real-world use cases as the function is meant to be seldom invoked.
- Fix on Github: N/A
EPL-M EthPool.sol
- Auditor Severity Rating: Minor
- Description: The `setEventSend` function should only set the `_eventSend` value to `true` when the values of the `destinations` struct have been set.
- Status: Fixed
- The function can now only be executed when the `destinations.destinationOnL2` value has been set.
- Fix on Github:
MAN-M Manager.sol
- Auditor Severity Rating: Minor
- Description: The `setEventSend` function should only set the `_eventSend` value to `true` when the values of the `destinations` struct have been set.
- Status: Fixed
- The function can now only be executed when the `destinations.destinationOnL2` value has been set.
- Fix on Github:
OCV-M OnChainVoteL1.sol
- Auditor Severity Rating: Minor
- Description: The `setEventSend` function should only set the `_eventSend` value to `true` when the values of the `destinations` struct have been set.
- Status: Fixed
- The function can now only be executed when the `destinations.destinationOnL2` value has been set.
- Fix on Github:
POO-M Pool.sol
- Auditor Severity Rating: Minor
- Description: The `setEventSend` function should only set the `_eventSend` value to `true` when the values of the `destinations` struct have been set.
- Status: Fixed
- The function can now only be executed when the `destinations.destinationOnL2` value has been set.
- Fix on Github:
STA-M Staking.sol
- Auditor Severity Rating: Minor
- Description: The `slash` mechanism fatally fails if the `amount` to be slashed exceeds the `availableToSlash` amount, which can change between a transaction's submission and a transaction's execution in the network.
- Status: No Fix Needed
- The Tokemak team stated that the function should indeed fatally fail in case the amount slashed mismatches the on-chain balance given that this can also mean the off-chain calculations were performed incorrectly. As a result, we consider this exhibit null.
- Fix on Github: n/a
SSC-M SushiSwapControllerV2.sol
- Auditor Severity Rating: Minor
- Description: The `safeApprove` instruction performed by the `deploy` function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.
- Status: Fixed
- The `_approve` function was refactored to accept an additional argument and is now safely utilized in the linked code.
- Fix on Github:
SCV-M SushiswapControllerV1.sol
- Auditor Severity Rating: Minor
- Description: The `safeApprove` instruction performed by the `deploy` function will fail to execute properly in case of a contract upgrade as it internally validates that a zero allowance exists in case of a non-zero allowance update. Additionally, it has been marked as "deprecated" by the OpenZeppelin team.
- Status: Fixed
- The `_approve` function was refactored to accept an additional argument and is now safely utilized in the linked code.
- Fix on Github:
TMP-M TokeMigrationPool.sol
- Auditor Severity Rating: Minor
- Description: The `setEventSend` function should only set the `_eventSend` value to `true` when the values of the `destinations` struct have been set.
- Status: Fixed
- The function can now only be executed when the `destinations.destinationOnL2` value has been set.
- Fix on Github:
TVP-M TokeVotePool.sol
- Auditor Severity Rating: Minor
- Description: The `setEventSend` function should only set the `_eventSend` value to `true` when the values of the `destinations` struct have been set.
- Status: Fixed
- The function can now only be executed when the `destinations.destinationOnL2` value has been set.
- Fix on Github:
VTR-M VoteTracker.sol
- Auditor Severity Rating: Medium
- Description: The `setVoteMultipliers` function does not properly sanitize the input array against duplicates, which can significantly impact the logic of the contract.
- Status: Fixed
- Duplicates are now properly prevented by ensuring that the vote multiplier of a particular token is zero.
- Fix on Github:
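
The duplicate check described for `setVoteMultipliers` can be sketched as follows; this is an added example, not Tokemak's VoteTracker code and not taken from the audit. Every name other than `setVoteMultipliers` (the contract, struct, mapping, owner check, reset step and error strings) is an assumption made for the sketch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; not Tokemak's VoteTracker. All names except
// setVoteMultipliers are assumptions made for this sketch.
contract VoteMultiplierSketch {
    struct TokenMultiplier {
        address token;
        uint256 multiplier;
    }

    address public immutable owner;
    mapping(address => uint256) public voteMultiplier; // 0 means "not set"
    address[] private configuredTokens;

    constructor() {
        owner = msg.sender;
    }

    function setVoteMultipliers(TokenMultiplier[] calldata entries) external {
        require(msg.sender == owner, "NOT_OWNER");

        // Reset the previous configuration so every slot starts at zero.
        for (uint256 i = 0; i < configuredTokens.length; i++) {
            delete voteMultiplier[configuredTokens[i]];
        }
        delete configuredTokens;

        for (uint256 i = 0; i < entries.length; i++) {
            TokenMultiplier calldata e = entries[i];
            // Zero is the "unset" sentinel, so it cannot be a legal value;
            // otherwise a repeated zero entry would pass the check below.
            require(e.multiplier != 0, "ZERO_MULTIPLIER");
            // A non-zero slot here can only have been written earlier in
            // this same call, meaning the token appears twice in the input.
            require(voteMultiplier[e.token] == 0, "DUPLICATE_TOKEN");
            voteMultiplier[e.token] = e.multiplier;
            configuredTokens.push(e.token);
        }
    }

    function configuredTokenCount() external view returns (uint256) {
        return configuredTokens.length;
    }
}
```

The zero check only works as a duplicate detector because stale entries are cleared first and a zero multiplier is rejected; without either condition a repeated token could slip through or a legitimate update would revert.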