Omniscia Echidna Finance Audit
Booster Manual Review Findings
Booster Manual Review Findings
BOO-01M: Deprecated Approval Paradigm
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | Minor | Booster.sol:L297-L298, L314-L315, L330-L339, L450-L459 |
Description:
The linked statements utilize the safeApprove function that has been officially deprecated.
Example:
contracts/core/Booster.sol
296//send stakers's share of ptp to reward contract297SafeERC20.safeApprove(ptp, ecdStakerRewardPool, 0);298SafeERC20.safeApprove(ptp, ecdStakerRewardPool, amount);Recommendation:
We advise a direct approve instruction to be utilized instead as the statements are indeed meant to replace any previously set allowance to the new one.
Alleviation:
A direct approve statement is now utilized in all referenced instances in place of the deprecated paradigm.
BOO-02M: Improper Approval Assignment
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | Booster.sol:L296-L298 |
Description:
The linked code improperly assigns the allowance the ecdStakerRewardPool contract should possess as it assigns an approval equal to amount instead of _ecdLockedIncentive.
Example:
contracts/core/Booster.sol
296//send stakers's share of ptp to reward contract297SafeERC20.safeApprove(ptp, ecdStakerRewardPool, 0);298SafeERC20.safeApprove(ptp, ecdStakerRewardPool, amount);299
300IVeEcdRewardsPool(ecdStakerRewardPool).queueNewRewards(301 _ecdLockedIncentive302);Recommendation:
We advise the code to be revised to utilize the proper approval amount.
Alleviation:
The approvals were refactored to be performed on a need-to basis thereby alleviating this exhibit.