Omniscia Alliance Block Audit

NonCompoundingRewardsPoolFactory Manual Review Findings

NCP-01M: Non-Standard Pool Seeding

Description:

The current deploy function implementation expects the funds that are meant to seed a particular pool's deployment to be transferred to the contract ahead of time instead of utilizing the conventional transferFrom pattern.

Example:

contracts/V2/factories/NonCompoundingRewardsPoolFactory.sol
for (uint256 i = 0; i < _rewardsTokens.length; i++) {
    uint256 rewardsAmount =
        calculateRewardsAmount(
            _startBlock,
            _endBlock,
            _rewardPerBlock[i]
        );
    IERC20Detailed(_rewardsTokens[i]).safeTransfer(
        rewardPool,
        rewardsAmount
    );
}

Recommendation:

We advise that the transferFrom paradigm is implemented instead, since it prevents funds from remaining at rest within the contract. It is also generally considered a better security practice, as it prevents funds accidentally sent to the factory from being consumed by the pool creation process.
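A sketch of the recommended pull-based seeding, added here as an illustration and not taken from the Alliance Block code base. It assumes Solidity 0.8 with OpenZeppelin's IERC20 and SafeERC20; the contract name, the seedPool function and the body of calculateRewardsAmount are hypothetical, and the caller is assumed to have approved the factory for each rewards token beforehand.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Added illustration of the transferFrom paradigm; not the audited factory.
contract PullSeedingFactoryExample {
    using SafeERC20 for IERC20;

    // Assumed formula (the audited implementation is not shown on the page):
    // reward per block multiplied by the campaign length in blocks.
    function calculateRewardsAmount(
        uint256 _startBlock,
        uint256 _endBlock,
        uint256 _rewardPerBlock
    ) public pure returns (uint256) {
        require(_endBlock > _startBlock, "invalid block range");
        return (_endBlock - _startBlock) * _rewardPerBlock;
    }

    // Hypothetical entry point: seeds an already-deployed pool from the caller.
    function seedPool(
        address rewardPool,
        address[] calldata _rewardsTokens,
        uint256[] calldata _rewardPerBlock,
        uint256 _startBlock,
        uint256 _endBlock
    ) external {
        require(rewardPool != address(0), "pool is zero address");
        require(_rewardsTokens.length == _rewardPerBlock.length, "length mismatch");

        for (uint256 i = 0; i < _rewardsTokens.length; i++) {
            uint256 rewardsAmount =
                calculateRewardsAmount(_startBlock, _endBlock, _rewardPerBlock[i]);
            // Pull from the caller's allowance straight into the pool. The
            // factory's own balance is never read or spent, so tokens sent to
            // it by accident cannot fund someone else's deployment, and the
            // call reverts if the caller has not approved enough.
            IERC20(_rewardsTokens[i]).safeTransferFrom(
                msg.sender,
                rewardPool,
                rewardsAmount
            );
        }
    }
}
```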

Alleviation:

The changes necessary for this exhibit to be alleviated would require a design change and thus the Alliance Block team opted not to proceed with them.