Omniscia Echidna Finance Audit
VirtualBalanceRewardPool Manual Review Findings
VBR-01M: Inexistent Prevention of Re-Initialization
Type | Severity | Location |
---|---|---|
Logical Fault | Major | VirtualBalanceRewardPool.sol:L57-L60 |
Description:
The `initialize` function can be arbitrarily invoked and compromise the system.
Example:
contracts/rewards/VirtualBalanceRewardPool.sol
```solidity
function initialize(address deposit_, address reward_) public {
    deposits = IRewardPool(deposit_);
    rewardToken = IERC20(reward_);
}
```
Recommendation:
We advise a logical check to be imposed here similarly to the `assert` statement in the `RewardPool` implementation whereby the `rewardToken` member is validated to be uninitialized.
Alleviation:
An `assert` statement was introduced that ensures the function cannot be re-invoked. While a valid remediation for the issue, we advise the Echidna Finance team to utilize a `require` check instead to ensure a more optimal gas refund in case of failure.
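The guard described in the recommendation and alleviation, written with `require`, as an added example that is not the Echidna Finance code. The contract names, the empty interface stubs, the revert strings, the zero-address check and the `ReinitCheck` harness are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity >=0.6.0 <0.9.0;

// Minimal stand-ins for the interfaces named in the finding (assumed shapes).
interface IERC20 {}
interface IRewardPool {}

// Hypothetical contract name; only the initialize() guard is the point here.
contract VirtualBalanceRewardPoolGuarded {
    IRewardPool public deposits;
    IERC20 public rewardToken;

    function initialize(address deposit_, address reward_) public {
        // Guard from the recommendation: rewardToken must still be unset.
        // require reverts and returns unused gas; before Solidity 0.8.0 a
        // failed assert consumed all remaining gas.
        require(address(rewardToken) == address(0), "already initialized");
        // Added assumption: a zero reward_ would leave the guard above open,
        // so it is rejected before any state is written.
        require(reward_ != address(0), "reward token is zero");

        deposits = IRewardPool(deposit_);
        rewardToken = IERC20(reward_);
    }
}

// Hypothetical harness: deploys a pool, initializes it once, then confirms
// that a second initialize() call reverts and leaves the state unchanged.
contract ReinitCheck {
    // reward_ must be non-zero for the first call to succeed.
    function secondCallReverts(address deposit_, address reward_)
        external
        returns (bool)
    {
        VirtualBalanceRewardPoolGuarded pool = new VirtualBalanceRewardPoolGuarded();
        pool.initialize(deposit_, reward_);

        try pool.initialize(address(this), address(this)) {
            return false; // guard missing: state was overwritten
        } catch {
            // Guard held: rewardToken still points at the first value.
            return address(pool.rewardToken()) == reward_;
        }
    }
}
```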