Omniscia Hot Cross Audit

CrossPool Static Analysis Findings

CPL-01S: Unchecked Return Variables

Description:

The linked ERC-20 transfer and transferFrom invocations do not conform to the specification, which states that callers of these functions should not assume that they revert on failure. The bool they return is not checked, so a transfer that fails by returning false goes unnoticed.

Example:

contracts/CrossPool.sol

    function emergencyWithdraw(uint256 pid) public {
        PoolInfo storage pool = poolInfo[pid];
        UserInfo storage user = userInfo[pid][msg.sender];
        // The bool returned by transfer() is discarded here.
        pool.stakingToken.transfer(address(msg.sender), user.amount);

        emit EmergencyWithdraw(msg.sender, user.amount);

        user.amount = 0;
        user.rewardDebt = 0;
        user.accClaim = 0;
    }

Recommendation:

We advise a wrapper implementation of ERC-20 to be utilized, such as SafeERC20 by OpenZeppelin, to safely invoke these methods via the safeTransfer and safeTransferFrom functions respectively.

Alleviation:

The SafeERC20 wrapper was properly utilized in all relevant instances, opportunistically evaluating the returned bool variable.
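
The following is an added example, not code from the audited project or from OpenZeppelin: a simplified sketch of the return-data check a SafeERC20-style wrapper performs, applied to emergencyWithdraw. The names IERC20Minimal, SafeTransferSketch and CrossPoolSketch, the reduced struct layouts, the event signature and the compiler version are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical library: simplified sketch of a SafeERC20-style check.
library SafeTransferSketch {
    function safeTransfer(IERC20Minimal token, address to, uint256 amount) internal {
        // A low-level call to an address without code succeeds with empty return data.
        require(address(token).code.length > 0, "token is not a contract");
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount)
        );
        require(ok, "transfer reverted");
        // Opportunistic evaluation: tokens that return no data are accepted,
        // tokens that do return a bool must return true.
        require(ret.length == 0 || abi.decode(ret, (bool)), "transfer returned false");
    }
}

// Constructed stand-in for CrossPool: only what emergencyWithdraw touches.
contract CrossPoolSketch {
    using SafeTransferSketch for IERC20Minimal;

    struct PoolInfo { IERC20Minimal stakingToken; }
    struct UserInfo { uint256 amount; uint256 rewardDebt; uint256 accClaim; }

    PoolInfo[] public poolInfo;
    mapping(uint256 => mapping(address => UserInfo)) public userInfo;

    event EmergencyWithdraw(address indexed user, uint256 amount);

    function emergencyWithdraw(uint256 pid) public {
        PoolInfo storage pool = poolInfo[pid];
        UserInfo storage user = userInfo[pid][msg.sender];
        // Reverts the whole call, including the zeroing below, if the token reports failure.
        pool.stakingToken.safeTransfer(msg.sender, user.amount);

        emit EmergencyWithdraw(msg.sender, user.amount);

        user.amount = 0;
        user.rewardDebt = 0;
        user.accClaim = 0;
    }
}
```

With the unchecked call, a token that returns false instead of reverting would leave the user's recorded balance zeroed without any tokens having moved; with the wrapper the transaction reverts and the accounting is untouched.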