Omniscia rain protocol Audit
Trust Manual Review Findings
TRU-01M: Deprecated Usage of Safe Approval
Type | Severity | Location |
---|---|---|
Standard Conformity | | Trust.sol:L995, L999, L1003 |
Description:
The linked `safeApprove` instructions have been officially deprecated by OpenZeppelin and additionally can lead to a contract freeze in case the `seeder` and `creator` are the same address.
Example:
```
994   if (seederPay_ > 0) {
995       reserve.safeApprove(seeder, seederPay_);
996   }
997
998   if (creatorPay_ > 0) {
999       reserve.safeApprove(creator, creatorPay_);
1000  }
1001
1002  if (tokenPay_ > 0) {
1003      reserve.safeApprove(address(token), tokenPay_);
1004  }
```
Recommendation:
We advise the `safeIncreaseApproval` function to be utilized instead to ensure that if the `seeder` and `creator` are equivalent the contract does not freeze.
Alleviation:
The `safeIncreaseApproval` function is now utilized in all three linked instances.
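The freeze described in TRU-01M, as an added example that is not code from Trust.sol or from the audit: OpenZeppelin 4.x `safeApprove` reverts when a non-zero allowance is changed to another non-zero value, so a second approval to the same address fails, while the additive helper (named `safeIncreaseAllowance` in OpenZeppelin's `SafeERC20`, assumed here to be what the recommendation refers to) accumulates. `ReserveMock`, `PayoutDemo` and the internal helpers are hypothetical stand-ins that restate the library's checks in simplified form.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed stand-in for the reserve token: it only tracks allowances.
contract ReserveMock {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }
}

// Hypothetical harness mirroring the payout pattern; not Trust.sol.
contract PayoutDemo {
    ReserveMock public reserve = new ReserveMock();

    // Same precondition as OpenZeppelin 4.x SafeERC20.safeApprove:
    // a non-zero allowance may only be reset to zero, never overwritten.
    function _safeApprove(address spender, uint256 value) internal {
        require(
            value == 0 || reserve.allowance(address(this), spender) == 0,
            "SafeERC20: approve from non-zero to non-zero allowance"
        );
        require(reserve.approve(spender, value), "approve failed");
    }

    // Additive form: raises the existing allowance instead of replacing it.
    function _safeIncreaseAllowance(address spender, uint256 value) internal {
        uint256 current = reserve.allowance(address(this), spender);
        require(reserve.approve(spender, current + value), "approve failed");
    }

    // Flagged pattern: the second call reverts when seeder == creator
    // and both amounts are non-zero, so the whole payout fails.
    function payoutWithApprove(address seeder, uint256 seederPay_, address creator, uint256 creatorPay_) external {
        if (seederPay_ > 0) _safeApprove(seeder, seederPay_);
        if (creatorPay_ > 0) _safeApprove(creator, creatorPay_);
    }

    // Remediated pattern: a shared address ends up with the sum of both amounts.
    function payoutWithIncrease(address seeder, uint256 seederPay_, address creator, uint256 creatorPay_) external {
        if (seederPay_ > 0) _safeIncreaseAllowance(seeder, seederPay_);
        if (creatorPay_ > 0) _safeIncreaseAllowance(creator, creatorPay_);
    }
}
```

With the same address `a` passed for both parties, `payoutWithApprove(a, 1, a, 1)` reverts, while `payoutWithIncrease(a, 1, a, 1)` succeeds and leaves the allowance for `a` at 2.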
TRU-02M: Documentation Discrepancies
Type | Severity | Location |
---|---|---|
Standard Conformity | | Trust.sol:L160, L161, L163, L164, L197, L878, L911 |
Description:
The documentation of the contract contains several discrepancies, both in the function names it utilizes and in the ownership structure it is meant to follow: in certain functions it implies that only the owner should be able to call them, which is untrue.
Example:
```
911  /// Allow the owner to end the Balancer style dutch auction.
912  /// Moves from `Phase.TWO` to `Phase.THREE` to indicate the auction has
913  /// ended.
914  /// `Phase.TWO` is scheduled by `startDutchAuction`.
915  /// Removes all LP tokens from the Balancer pool.
916  /// Burns all unsold redeemable tokens.
917  /// Forwards the reserve balance to the owner.
918  // `SaturatingMath` is used in case there is somehow an edge case not
919  // considered that causes overflow/underflow, we still want to approve
920  // the final state so as not to trap funds with an underflow error.
921  function endDutchAuction() public onlyPhase(PHASE_CAN_END) {
```
Recommendation:
We advise the documentation of the contract to be cleaned up so that it reflects the latest version of the contract's logic. We should note that the linked line 878 contains a typo that should be corrected as well.
Alleviation:
The documentation of the relevant function was corrected to showcase that any user should be able to invoke it. Additionally, all top-level documentation was corrected to no longer reference nonexistent functions.