Omniscia Echidna Finance Audit
EcdPtpStaking Manual Review Findings
EcdPtpStaking Manual Review Findings
EPS-01M: Improper Commit Mechanism
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | EcdPtpStaking.sol:L115-L119 |
Description:
The commit mechanism does not check whether the newEcdPtpPerSec
value has already been cleared permitting the owner to set the commit's sensitive value to 0 at all times.
Example:
contracts/rewards/EcdPtpStaking.sol
114/// @notice commit EcdPerSet115function commitEcdPtpPerSec() external onlyOwner {116 require(block.timestamp > delayNewEcdPtpPerSec, "too early");117 ecdPerSec = newEcdPtpPerSec;118 newEcdPtpPerSec = 0;119}
Recommendation:
We advise an extra require
check to be introduced ensuring the value-to-be-set is non-zero.
Alleviation:
The additional require
check was properly introduced to the code as advised.