Omniscia DAFI Audit
StakingDatabase Manual Review Findings
SDE-01M: Inexistent Reversal of Authority
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | StakingDatabase.sol:L211-L214 |
Description:
The `addWhitelist` function is a one-way function to authorize a designated party as able to adjust various configurational parameters of the staking protocol.
Example:
```solidity
function addWhitelist(address account) external onlyOwner {
    require(account != address(0));
    whitelists[account] = true;
}
```
Recommendation:
We advise the system to be slightly restructured by introducing a method to remove individuals from the whitelist. This would potentially allow the owner of the contract to "race" a malicious transaction and salvage the action of a misbehaving whitelisted member.
Alleviation:
An `onlyOwner` whitelist removal function was properly introduced to the contract.
SDE-02M: Unused Contract Member
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | StakingDatabase.sol:L49, L195-L197 |
Description:
The `stakers` array remains untouched when a new stake is initialized, leading it to contain misleading information.
Example:
```solidity
function getUserCount() external view returns(uint) {
    return stakers.length;
}
```
Recommendation:
We advise the array to either be utilized by pushing a new member when a stake is first initialized in `addStake` or to be deleted from the codebase as it serves no purpose within `StakingManagerV1`.
Alleviation:
The `addStake` function now properly pushes the `user` to the `stakers` array, thus providing a valid reason for its existence.
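The following sketch is an added example, not the DAFI contract's own code, showing one way the remediations for SDE-01M and SDE-02M can fit together. The names `removeWhitelist`, `onlyWhitelist`, the two events, the `Stake` struct, and the `addStake` signature and access control are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added sketch, not the DAFI source. removeWhitelist, onlyWhitelist, the events,
// the Stake struct and the addStake signature/access control are assumptions.
contract StakingDatabaseSketch {
    struct Stake { uint256 amount; bool initialized; }

    address public owner = msg.sender;
    mapping(address => bool) public whitelists;
    mapping(address => Stake) private stakes;
    address[] private stakers;

    event WhitelistAdded(address indexed account);
    event WhitelistRemoved(address indexed account);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier onlyWhitelist() { require(whitelists[msg.sender], "not whitelisted"); _; }

    function addWhitelist(address account) external onlyOwner {
        require(account != address(0), "zero address");
        whitelists[account] = true;
        emit WhitelistAdded(account);
    }

    // SDE-01M: reversal path so the owner can revoke a misbehaving member.
    function removeWhitelist(address account) external onlyOwner {
        require(whitelists[account], "not whitelisted");
        whitelists[account] = false;
        emit WhitelistRemoved(account);
    }

    // SDE-02M: push the staker once, when the stake is first initialized,
    // so getUserCount() is neither stale nor inflated by repeat stakes.
    function addStake(address user, uint256 amount) external onlyWhitelist {
        Stake storage s = stakes[user];
        if (!s.initialized) {
            s.initialized = true;
            stakers.push(user);
        }
        s.amount += amount;
    }

    function getUserCount() external view returns (uint256) {
        return stakers.length;
    }
}
```

Emitting an event on both whitelist changes gives off-chain monitoring a record of every grant and revocation of authority.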