Omniscia DAFI Protocol Audit

DAFITokenBSC Manual Review Findings

DAI-01M: Inexistent Adjustment of Allowance

Type	Severity	Location
Logical Fault	Major	DAFITokenBSC.sol:L30

Description:

The burnFrom operation does not properly reduce the allowance that the _beneficiary has approved to the bridge, causing it to misbehave.

Example:

contracts/DAFITokenBSC.sol

27function burnFrom(uint256 _value, address _beneficiary) external onlyBridge {
28    require(_beneficiary != address(0),"Beneficiary cannot be ZERO ADDRESS");
29    require(balanceOf(_beneficiary) >= _value, "User does not have sufficient tokens to burn");
30    require(_value <= allowed[_beneficiary][msg.sender], "user did not approve the bridge to burn the said amount.");
31
32    _totalSupply = _totalSupply - _value;
33    balances[_beneficiary] = balances[_beneficiary] - _value;
34
35    emit Transfer(_beneficiary, address(0), _value);
36}

Recommendation:

We advise the allowed data entry to be updated accordingly as otherwise smart contracts interacting with the bridge can misbehave greatly.

Alleviation:

The allowance is now properly updated by subtracting the _value utilized from the allowed entry.

Omniscia DAFI Protocol Audit

DAFITokenBSC Manual Review Findings

DAFITokenBSC Manual Review Findings

DAI-01M: Inexistent Adjustment of Allowance

Description:

Example:

Recommendation:

Alleviation:

DAFITOKENETH.sol (DAF-M)

EthBridgeOptimized.sol (EBO-M)

On this page