Omniscia Flisko Audit

IDO Static Analysis Findings


IDO-01S: Inexistent Data Sanitization

Type | Severity | Location
Input Sanitization | Minor | IDO.sol:L81

Description:

The constructor of the IDO contract performs no sanitization on its input data arguments.

Example:

contracts/IDO.sol
 80  constructor(
 81      uint256[15] memory data,
 82      address _idoToken,
 83      address _staking,
 84      address _swapToken
 85  ) {
 86      swapStartDate = data[0];
 87      idoToken = IERC20(_idoToken);
 88      regStartDate = data[1];
 89      staking = KSTStaking(_staking);
 90      regEndDate = data[2];
 91      swapToken = IERC20(_swapToken);
 92      claimStartTime = data[3];
 93      totalIdoTokens = data[9];
 94      t1.tier = Tiers.TIER1;
 95      t2.tier = Tiers.TIER2;
 96      t3.tier = Tiers.TIER3;
 97      t4.tier = Tiers.TIER4;
 98      t5.tier = Tiers.TIER5;
 99      t1.perc = data[4];
100      t2.perc = data[5];
101      t3.perc = data[6];
102      t4.perc = data[7];
103      t5.perc = data[8];
104
105      t1.swapStart = data[0];
106      t1.swapEnd = t1.swapStart.add(data[10]);
107
108      t2.swapStart = t1.swapEnd;
109      t2.swapEnd = t2.swapStart.add(data[11]);
110
111      t3.swapStart = t2.swapEnd;
112      t3.swapEnd = t3.swapStart.add(data[12]);
113
114      t4.swapStart = t3.swapEnd;
115      t4.swapEnd = t4.swapStart.add(data[13]);
116
117      t5.swapStart = t4.swapEnd;
118      t5.swapEnd = t5.swapStart.add(data[14]);
119      swapTokenDecimals = IERC20Metadata(_swapToken).decimals();
120      idoTokenDecimals = IERC20Metadata(_idoToken).decimals();
121  }

Recommendation:

We advise that these arguments be properly vetted, i.e. by ensuring the start and end times are sane and that the tier percentages do not exceed 100%, as these values cannot be adjusted and an incorrect value would result in a misconfiguration of the system.

Alleviation:

The address and data arguments are now properly validated via their corresponding require checks.
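
The audit does not reproduce the require checks that were added. The following is an added example of what such validation can look like, not the Flisko team's code: the library name `IDOParams`, the error strings, the assumed ordering of the dates, the 0-100 percentage unit and the Solidity 0.8 pragma are all assumptions, while the `data` index meanings are taken from the constructor shown above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's code. Index meanings follow the
// constructor above; ordering rules and the 0-100 unit are assumptions.
library IDOParams {
    function validate(
        uint256[15] memory data,
        address idoToken,
        address staking,
        address swapToken
    ) internal view {
        require(idoToken != address(0), "IDO: zero idoToken");
        require(staking != address(0), "IDO: zero staking");
        require(swapToken != address(0), "IDO: zero swapToken");

        // data[1] regStartDate, data[2] regEndDate, data[0] swapStartDate
        require(data[1] >= block.timestamp, "IDO: registration in the past");
        require(data[1] < data[2], "IDO: regEnd <= regStart");
        require(data[2] <= data[0], "IDO: swap starts before regEnd");

        // data[10..14] are the five tier swap-window lengths; each must be
        // non-zero, and their sum gives the end of the last tier (t5.swapEnd).
        uint256 swapEnd = data[0];
        for (uint256 i = 10; i < 15; i++) {
            require(data[i] > 0, "IDO: empty tier window");
            swapEnd += data[i]; // checked arithmetic in 0.8 reverts on overflow
        }
        // data[3] claimStartTime must not precede the end of the last window
        require(data[3] >= swapEnd, "IDO: claim before swap end");

        // data[4..8] tier percentages: the total may not exceed 100
        uint256 total;
        for (uint256 i = 4; i < 9; i++) {
            total += data[i];
        }
        require(total <= 100, "IDO: percentages exceed 100");

        // data[9] totalIdoTokens
        require(data[9] > 0, "IDO: zero totalIdoTokens");
    }
}
```

Calling `IDOParams.validate(data, _idoToken, _staking, _swapToken);` as the first statement of the constructor makes a misconfigured deployment revert instead of producing a contract whose parameters can no longer be changed.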

IDO-02S: Data Location Optimization

Type | Severity | Location
Gas Optimization | Informational | IDO.sol:L145

Description:

The addTier1Users function is declared as external yet possesses a memory array argument.

Example:

contracts/IDO.sol
145  function addTier1Users(address[] memory users) external onlyOwner {
146      for (uint256 i = 0; i < users.length; i++) {
147          t1.allowedSwap[users[i]] = true;
148      }
149  }

Recommendation:

We advise that the data location of the array be set to calldata, greatly optimizing the gas cost of the function.

Alleviation:

The data location of the argument was properly set to calldata.