Omniscia Echidna Finance Audit
EcdToken Manual Review Findings
EcdToken Manual Review Findings
ETN-01M: Improper Commit Mechanism
| Type | Severity | Location |
|---|---|---|
| Logical Fault | Minor | EcdToken.sol:L83-L89 |
Description:
The commit mechanism does not check whether the pending value has already been cleared permitting the owner to set the commit's sensitive value to 0 at all times.
Example:
contracts/governance/EcdToken.sol
83/** @notice Commit the latest queued operator.84 */85function commitOperator() external onlyOwner {86 require(delayNewOperator <= block.timestamp);87 operators[newOperator] = true;88 newOperator = address(0x0);89}Recommendation:
We advise an extra require check to be introduced ensuring the value-to-be-set is non-zero.
Alleviation:
The additional require check was properly introduced to the code as advised.
ETN-02M: Inexistent Validation of Inflation Rate
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | Minor | EcdToken.sol:L19 |
Description:
The inflationRate_ supplied during the contract's creation is not properly sanitized as being at most equal to FACTOR.
Example:
contracts/governance/EcdToken.sol
16/**17 * @dev Sets the value of the `cap`.18 */19constructor(uint256 cap_, uint256 inflationRate_) {20 require(cap_ > 0, "ERC20Capped: cap is 0");21 _cap = cap_;22 _inflationRate = inflationRate_;23 increaseAfter = block.timestamp + DELAY;24}25
26/**27 * @dev Returns the cap on the token's total supply.28 */29function cap() public view virtual returns (uint256) {30 return _cap;31}32
33/**34 * @dev See {ERC20-_mint}.35 */36function _mint(address account, uint256 amount) internal virtual override {37 require(38 ERC20.totalSupply() + amount <= cap(),39 "ERC20Capped: cap exceeded"40 );41 super._mint(account, amount);42}43
44function _increaseCap() internal {45 require(increaseAfter < block.timestamp);46 _cap += (_cap * _inflationRate) / FACTOR;47 increaseAfter = block.timestamp + DELAY;48}Recommendation:
We advise this to be introduced as otherwise an exponential inflation curve can be introduced via misconfiguration.
Alleviation:
A require check was properly introduced ensuring that the inflationRate_ is at most equal to the _FACTOR.