Omniscia Echidna Finance Audit
Booster Static Analysis Findings
BOO-01S: Improper Invocation of EIP-20 transferFrom
Type | Severity | Location |
---|---|---|
Standard Conformity | Minor | Booster.sol:L324-L328 |
Description:
The linked statement does not properly validate the `bool` returned by the EIP-20 standard `transferFrom` function. As the standard dictates, callers must not assume that `false` is never returned.
Example:
contracts/core/Booster.sol
```solidity
320 if (
321     extraRewardAmount != 0 &&
322     extraRewardsPools[_pid].virtualBalanceRewardPool != address(0x0)
323 ) {
324     IERC20(extraRewardsPools[_pid].token).transferFrom(
325         address(depositorProxy),
326         address(this),
327         extraRewardAmount
328     );
329
330     SafeERC20.safeApprove(
331         IERC20(extraRewardsPools[_pid].token),
332         extraRewardsPools[_pid].virtualBalanceRewardPool,
333         0
334     );
335     SafeERC20.safeApprove(
336         IERC20(extraRewardsPools[_pid].token),
337         extraRewardsPools[_pid].virtualBalanceRewardPool,
338         extraRewardAmount
339     );
340
341     IVirtualBalanceRewardPool(
342         extraRewardsPools[_pid].virtualBalanceRewardPool
343     ).queueNewRewards(extraRewardAmount);
344 }
```
Recommendation:
Since not all standardized tokens are EIP-20 compliant (such as Tether / USDT), we advise that a safe wrapper library, such as `SafeERC20` by OpenZeppelin, be utilized instead, so that the returned `bool` is opportunistically validated only if it exists.
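The check this recommendation describes, written out as an added example (not code from Booster.sol or from OpenZeppelin's `SafeERC20`). The `OptionalReturn` library, the two token contracts and `Puller` are hypothetical names constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;
interface IERC20Minimal {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical helper (not Booster.sol code): checks the bool only if one is returned.
library OptionalReturn {
    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        // Low-level call: a token that returns no data (USDT-style) would otherwise
        // revert when the compiler-generated code tries to decode the expected bool.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transferFrom.selector, from, to, amount)
        );
        require(ok, "transferFrom reverted");
        if (ret.length == 0) {
            // A call to an address without code also succeeds with empty data,
            // so require that a contract is deployed at the token address.
            require(token.code.length > 0, "token is not a contract");
        } else {
            // A bool was returned: false signals failure and must stop execution.
            require(abi.decode(ret, (bool)), "transferFrom returned false");
        }
    }
}

// Constructed token: reports failure by returning false instead of reverting.
contract FalseReturningToken {
    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false;
    }
}

// Constructed token: declares no return value, as USDT does.
contract NoReturnToken {
    function transferFrom(address, address, uint256) external pure {}
}

contract Puller {
    // Pattern flagged in BOO-01S: succeeds silently against FalseReturningToken
    // and reverts against NoReturnToken because no bool can be decoded.
    function uncheckedPull(address token, address from, uint256 amount) external {
        IERC20Minimal(token).transferFrom(from, address(this), amount);
    }
    // Reverts against FalseReturningToken and succeeds against NoReturnToken.
    function checkedPull(address token, address from, uint256 amount) external {
        OptionalReturn.safeTransferFrom(token, from, address(this), amount);
    }
}
```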
Alleviation:
The `bool` variables are now utilized directly.
BOO-02S: Redundant bool Variable Comparison
Type | Severity | Location |
---|---|---|
Gas Optimization | Informational | Booster.sol:L226, L412 |
Description:
The linked statements perform a direct comparison between a `bool` variable and a `bool` literal.
Example:
contracts/core/Booster.sol
```solidity
412 if (distributeRewards == true) {
```
Recommendation:
We advise that the `bool` variable be utilized directly instead, either in its normal or negated (`!`) form.
Alleviation:
The `safeTransferFrom` function is now properly utilized in the code.