Omniscia Echidna Finance Audit

EcdPtpToken Manual Review Findings


EPT-01M: Improper Initialize Pattern

Type: Logical Fault
Severity: Major
Location: EcdPtpToken.sol:L17-L20

Description:

The linked initialize pattern can cause an on-chain race condition to manifest whereby a malicious user or bot detects the pending initialize transaction and front-runs it, executing initialize first with a malicious _operator so that the legitimate call subsequently fails its require check.

Example:

contracts/core/EcdPtpToken.sol
17  function initialize(address _operator) external {
18      require(operator == address(0x0));
19      operator = _operator;
20  }

Recommendation:

We advise the contract to implement the ownable pattern and the function to be invokable only by the owner, after which ownership is renounced.

Alleviation:

The code was adjusted to instead store a _deployer variable that is utilized to guard access to the initialize function, thus preventing a race condition from manifesting.
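The unguarded pattern from the finding beside a variant guarded the way the alleviation describes, as an added illustration that is not code from the audited repository; the contract names, the constructor wiring of _deployer and the revert messages are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the audited EcdPtpToken code. Contract names, the
// constructor wiring and revert messages are assumptions; only the pattern
// (open initialize vs. deployer-guarded initialize) comes from the finding.

// Vulnerable pattern: anyone may be the first caller of initialize. A bot that
// observes the deployer's pending initialize transaction can submit its own
// with a higher fee, become operator, and leave the legitimate call reverting
// on the `operator == address(0x0)` check.
contract UnguardedInitialize {
    address public operator;

    function initialize(address _operator) external {
        require(operator == address(0x0));
        operator = _operator;
    }
}

// Guarded pattern matching the alleviation: the deployer is recorded in the
// constructor (same transaction as deployment, so it cannot be raced) and only
// that address may run initialize. A front-runner's call reverts before it can
// set operator, so the race condition cannot manifest.
contract DeployerGuardedInitialize {
    address public operator;
    address private immutable _deployer;

    constructor() {
        _deployer = msg.sender;
    }

    function initialize(address _operator) external {
        require(msg.sender == _deployer, "caller is not the deployer");
        require(operator == address(0x0), "already initialized");
        require(_operator != address(0x0), "operator is the zero address");
        operator = _operator;
    }
}
```

The recommendation's Ownable-plus-renounce approach achieves the same goal; the difference is only that ownership is explicitly dropped after initialization rather than fixed as an immutable deployer address.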