Omniscia Echidna Finance Audit

VirtualBalanceRewardPool Manual Review Findings

VBR-01M: Inexistent Prevention of Re-Initialization

Type	Severity	Location
Logical Fault	Major	VirtualBalanceRewardPool.sol:L57-L60

Description:

The initialize function can be arbitrarily invoked and compromise the system.

Example:

contracts/rewards/VirtualBalanceRewardPool.sol

57function initialize(address deposit_, address reward_) public {
58    deposits = IRewardPool(deposit_);
59    rewardToken = IERC20(reward_);
60}

Recommendation:

We advise a logical check to be imposed here similarly to the assert statement in the RewardPool implementation whereby the rewardToken member is validated to be uninitialized.

Alleviation:

An assert statement was introduced that ensures the function cannot be re-invoked. While a valid remediation for the issue, we advise the Echidna Finance team to utilize a require check instead to ensure a more optimal gas refund in case of failure.

Omniscia Echidna Finance Audit

VirtualBalanceRewardPool Manual Review Findings

VirtualBalanceRewardPool Manual Review Findings

VBR-01M: Inexistent Prevention of Re-Initialization

Description:

Example:

Recommendation:

Alleviation:

VeEcdRewardsPool.sol (VER-M)

Booster.sol (BOO-C)

On this page