Omniscia Echidna Finance Audit
Booster Manual Review Findings
Booster Manual Review Findings
BOO-01M: Deprecated Approval Paradigm
Type | Severity | Location |
---|---|---|
Standard Conformity | Minor | Booster.sol:L297-L298, L314-L315, L330-L339, L450-L459 |
Description:
The linked statements utilize the safeApprove
function that has been officially deprecated.
Example:
contracts/core/Booster.sol
296//send stakers's share of ptp to reward contract297SafeERC20.safeApprove(ptp, ecdStakerRewardPool, 0);298SafeERC20.safeApprove(ptp, ecdStakerRewardPool, amount);
Recommendation:
We advise a direct approve
instruction to be utilized instead as the statements are indeed meant to replace any previously set allowance to the new one.
Alleviation:
A direct approve
statement is now utilized in all referenced instances in place of the deprecated paradigm.
BOO-02M: Improper Approval Assignment
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | Booster.sol:L296-L298 |
Description:
The linked code improperly assigns the allowance the ecdStakerRewardPool
contract should possess as it assigns an approval equal to amount
instead of _ecdLockedIncentive
.
Example:
contracts/core/Booster.sol
296//send stakers's share of ptp to reward contract297SafeERC20.safeApprove(ptp, ecdStakerRewardPool, 0);298SafeERC20.safeApprove(ptp, ecdStakerRewardPool, amount);299
300IVeEcdRewardsPool(ecdStakerRewardPool).queueNewRewards(301 _ecdLockedIncentive302);
Recommendation:
We advise the code to be revised to utilize the proper approval amount.
Alleviation:
The approvals were refactored to be performed on a need-to basis thereby alleviating this exhibit.