Omniscia Echidna Finance Audit
RewardFactory Manual Review Findings
RewardFactory Manual Review Findings
RFY-01M: Redundant Re-Invocation Capability
Type | Severity | Location |
---|---|---|
Logical Fault | Minor | RewardFactory.sol:L33-L40 |
Description:
The linked function initializes sensitive contract variables and as such should be invoked only once.
Example:
contracts/rewards/RewardFactory.sol
33function setImpl(34 address _RewardPoolImpl,35 address _virtualBalanceRewardPoolimpl36) public {37 require(msg.sender == IBooster(booster).owner(), "!auth");38 RewardPoolImpl = _RewardPoolImpl;39 virtualBalanceRewardPoolimpl = _virtualBalanceRewardPoolimpl;40}
Recommendation:
We advise this to be enforced via a require
check that ensures the implementations haven't already been set.
Alleviation:
The Echidna Finance team stated that they wish to be able to update the reward pool implementations if needed and as such, this functionality will remain in the codebase.