Omniscia Flourishing Capital Audit
FlourishingAIToken Manual Review Findings
FAI-01M: Inherent Race Condition
Type | Severity | Location |
---|---|---|
Logical Fault | Medium | FlourishingAIToken.sol:L22-L24 |
Description:
The current system design expects a user to be assigned a vesting schedule first and minted tokens afterwards. However, this ordering causes underflows in the user's available balance, and should the order be reversed (with tokens minted before the schedule is applied), the user would be able to "race" the transaction and transact their tokens before the vesting schedule is applied.
Example:
contracts/FlourishingAIToken.sol
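```solidity
// Mints tokens only; the vesting schedule is applied in a separate transaction.
function mint(address to, uint256 amount) public onlyAdmin {
    _mint(to, amount);
}
```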
Recommendation:
We advise the `mint` function to be replaced by a `mintVest` function (or something similar) that mints the tokens and applies a vesting schedule in a single transaction to prevent race conditions from manifesting.
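One way the recommended `mintVest` could look, as an added sketch that is not the audited contract's code or the auditor's. It assumes a linear vesting schedule and a minimal balance ledger rather than a full ERC-20; every name other than `mintVest` and `onlyAdmin` (`Schedule`, `scheduleOf`, `lockedOf`, `availableOf`) is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: minimal ledger with linear vesting (assumed model).
contract VestedMintSketch {
    struct Schedule { uint64 start; uint64 duration; uint256 locked; }

    address public immutable admin;
    mapping(address => uint256) public balanceOf;
    mapping(address => Schedule) public scheduleOf;

    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }

    constructor() { admin = msg.sender; }

    // Schedule and balance are written in the same transaction, so there is
    // no state in which `to` holds the tokens without the lock applied.
    function mintVest(address to, uint256 amount, uint64 start, uint64 duration) external onlyAdmin {
        require(duration > 0, "zero duration");
        require(scheduleOf[to].locked == 0, "schedule exists");
        scheduleOf[to] = Schedule(start, duration, amount);
        balanceOf[to] += amount;
    }

    // Portion of the grant still locked at the current block time.
    function lockedOf(address who) public view returns (uint256) {
        Schedule memory s = scheduleOf[who];
        if (block.timestamp <= s.start) return s.locked;
        uint256 elapsed = block.timestamp - s.start;
        if (elapsed >= s.duration) return 0;
        return s.locked - (s.locked * elapsed) / s.duration;
    }

    // Clamped at zero so a locked amount above the balance cannot underflow.
    function availableOf(address who) public view returns (uint256) {
        uint256 bal = balanceOf[who];
        uint256 locked = lockedOf(who);
        return bal > locked ? bal - locked : 0;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(availableOf(msg.sender) >= amount, "exceeds vested balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}
```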
Alleviation:
The development team has acknowledged this exhibit but decided to not apply its remediation in the current version of the codebase.