Omniscia Flisko Audit
KSTStaking Static Analysis Findings
KSS-01S: Unutilized Return Values
| Type | Severity | Location |
|---|---|---|
| External Call Validation | Minor | KSTStaking.sol:L44, L54 |
Description:
The linked statements perform transfer and transferFrom invocations whose success, signalled by the bool return value of the ERC20 standard, remains unchecked.
Example:
contracts/KSTStaking.sol (L42-L48)

```solidity
function stake(uint256 value) external notHalted {
    require(value > 0, "KSTStaking: stake value should be greater than 0");
    _token.transferFrom(_msgSender(), address(this), value);

    _balances[_msgSender()] = _balances[_msgSender()].add(value);
    emit Stake(_msgSender(),block.timestamp,value);
}
```

Recommendation:
We advise code to be introduced that properly handles the bool return value of the ERC20 standard. To this end, we recommend the usage of the SafeERC20 OpenZeppelin library.
Alleviation:
Both transfer and transferFrom invocations were replaced by their safe prefixed counterparts.
KSS-02S: Inexistent Zero Address Check
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | Informational | KSTStaking.sol:L26-L28 |
Description:
The constructor of the contract accepts an address argument that remains unsanitized.
Example:
contracts/KSTStaking.sol (L26-L28)

```solidity
constructor(address token) {
    _token = IERC20(token);
}
```

Recommendation:
We advise a zero-address check to be imposed to ensure no misconfiguration of the contracts can occur.
Alleviation:
A require check was introduced properly sanitizing the input argument of the constructor.
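Added example (not Flisko's code) showing both alleviations together: the KSS-02S zero-address check in the constructor and the KSS-01S SafeERC20 wrappers in stake. The halted flag, notHalted modifier, Unstake event and unstake function are assumed so the contract compiles stand-alone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import "@openzeppelin/contracts/utils/Context.sol";

// Illustrative hardened staking contract, not the audited code base.
// `halted`, `notHalted`, `Unstake` and `unstake` are assumed for completeness.
contract KSTStakingHardened is Context {
    using SafeERC20 for IERC20;

    IERC20 private immutable _token;
    mapping(address => uint256) private _balances;
    bool public halted;

    event Stake(address indexed account, uint256 timestamp, uint256 value);
    event Unstake(address indexed account, uint256 timestamp, uint256 value);

    modifier notHalted() {
        require(!halted, "KSTStaking: halted");
        _;
    }

    // KSS-02S: a misconfigured deployment reverts here instead of producing
    // a contract whose every token call fails later.
    constructor(address token) {
        require(token != address(0), "KSTStaking: token is the zero address");
        _token = IERC20(token);
    }

    // KSS-01S: safeTransferFrom reverts on a `false` return (and tolerates
    // tokens that return no data), so a failed pull is never credited.
    function stake(uint256 value) external notHalted {
        require(value > 0, "KSTStaking: stake value should be greater than 0");
        _token.safeTransferFrom(_msgSender(), address(this), value);
        _balances[_msgSender()] += value; // 0.8 checked arithmetic replaces SafeMath.add
        emit Stake(_msgSender(), block.timestamp, value);
    }

    function unstake(uint256 value) external {
        require(_balances[_msgSender()] >= value, "KSTStaking: insufficient balance");
        _balances[_msgSender()] -= value;
        _token.safeTransfer(_msgSender(), value);
        emit Unstake(_msgSender(), block.timestamp, value);
    }
}
```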